Lucene search
158 matches found

RedhatCVE
added 2026/05/12 8:20 a.m. | 10 views

CVE-2026-42571

Pelican is a platform for creating data federations. From versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to before 7.24.2, there is a privilege escalation vulnerability affecting Pelican's Web User Interface (WebUI). This attack allows any user...

CVSS 9 | AI score 5.7 | EPSS 0.0032
Exploits: 0 | References: 1

Github Security Blog
added 2026/04/24 3:19 p.m. | 11 views

Contour has Lua code injection via Cookie Path Rewrite Policy

Impact: Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in the following fields that results in arbitrary code execution in the Envoy proxy: -...

CVSS 8.1 | AI score 6.3 | EPSS 0.00441
Exploits: 0 | References: 8 | Affected Software: 1

OSV
added 2026/03/16 6:57 p.m. | 4 views

CVE-2026-32262 Craft CMS has a Path Traversal Vulnerability in AssetsController

Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, the AssetsController-replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before...

CVSS 5.3 | AI score 5.9 | EPSS 0.00291
Exploits: 0 | References: 4

OSV
added 2026/03/01 1:31 a.m. | 5 views

GHSA-5VRJ-WF7V-5WR7 Statamic vulnerable to privilege escalation via stored cross-site scripting

Impact: Stored XSS vulnerability in svg and icon related components allows authenticated users with appropriate permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Patches: This has been fixed in 5.73.11 and 6.4.0...

CVSS 8.7 | AI score 5.8 | EPSS 0.00259
Exploits: 0 | References: 5

ATTACKERKB
added 2026/01/22 1:51 a.m. | 7 views

CVE-2026-23962

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote posts, allowing attackers to create polls with a very large amount of options, greatly increasing...

CVSS 7.5 | AI score 5.6 | EPSS 0.00487
Exploits: 0 | References: 5 | Affected Software: 1

RedhatCVE
added 2026/01/07 9:39 a.m. | 7 views

CVE-1999-0662

A system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete...

CVSS 10 | AI score 6.9 | EPSS 0.01908
Exploits: 0 | References: 1

Github Security Blog
added 2025/12/10 3:46 p.m. | 12 views

XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis

Impact: XWiki's REST API doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of pages in the wiki and the memory configuration, this can lead to slowness and unavailability of the wiki. As an example, the...

CVSS 8.7 | AI score 6.8 | EPSS 0.00339
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2025/12/05 6:12 p.m. | 3 views

GHSA-RJ35-4M94-77JH Envoy forwards early CONNECT data in TCP proxy mode

Summary: Forwarding of early CONNECT data in TCP proxy mode. Details: Per RFC 7231-4.3.6 the sender of CONNECT and all inbound proxies switch to tunnel mode only after receiving 2xx response. However in TCP proxy mode, Envoy accepts client data before it has issued a 2xx response and eagerly proxie...

CVSS 3.7 | AI score 6.5 | EPSS 0.00272
Exploits: 0 | References: 3

Github Security Blog
added 2025/10/13 8:9 p.m. | 8 views

Omni vulnerable to information leak via API

Impact: Omni might leak sensitive information via an API. Patches: v1.1.5, v1.0.2 and v1.2.0 contain the patch. Workarounds: None. References: None...

CVSS 8.6 | AI score 6.7 | EPSS 0.00284
Exploits: 0 | References: 4 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-24218

Malware in sbrugna...

CVSS 8.8 | AI score 8.7 | EPSS 0.01111
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-17352

Malware in sbrugna...

CVSS 10 | AI score 9.2 | EPSS 0.03295
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-12061

Malware in sbrugna...

CVSS 9 | AI score 8.6 | EPSS 0.0282
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-24199

Malware in sbrugna...

CVSS 9 | AI score 6.9 | EPSS 0.02957
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-24220

Malware in sbrugna...

CVSS 9 | AI score 7 | EPSS 0.02812
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-24200

Malware in sbrugna...

CVSS 9 | AI score 7 | EPSS 0.02812
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 33 views

EUVD-2021-24216

Malware in sbrugna...

CVSS 5.3 | AI score 5.6 | EPSS 0.01249
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-21268

Malware in sbrugna...

CVSS 6.5 | AI score 6.5 | EPSS 0.0048
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-17351

Malware in sbrugna...

CVSS 9 | AI score 6.9 | EPSS 0.02722
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2021-24210

Malware in sbrugna...

CVSS 6.5 | AI score 6.4 | EPSS 0.00958
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-24212

Malware in sbrugna...

CVSS 7.2 | AI score 6.2 | EPSS 0.00315
Exploits: 0 | References: 3