80 matches found
CVE-2026-22557
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account...
Bullwark Momentum Series JAWS Path Traversal Vulnerability
Bullwark Momentum Series JAWS is a server software for network video recorders developed by Bullwark Corporation. Version 1.0 of Bullwark Momentum Series JAWS contains a path traversal vulnerability; this vulnerability stems from HTTP requests that allow directory traversal, potentially leading t...
HPE Aruba Networking Fabric Composer security vulnerabilities
HPE Aruba Networking Fabric Composer is a network orchestration software developed by the American company HPE. HPE Aruba Networking Fabric Composer has a security vulnerability, which stems from defects in its web-based management interface. This vulnerability could allow unauthenticated remote...
Hibernate vulnerable to SQL Injection
A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive informatio...
CVE-2022-31062
Impact: A plugin public script can be used to read content of system files. Patches: Upgrade to version 1.0.2. Workarounds: b/deploy/index.php file can be deleted if deploy feature is not used...
CVE-2015-10145
Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/runcommands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary she...
CVE-2019-25256 VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulati...
CVE-2018-25142 NovaRad NovaPACS Diagnostics Viewer 8.5 XML External Entity Injection
NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system files through an out-of-band channel attack...
EUVD-2009-3595
Malware in sbrugna...
EUVD-2020-25203
Malware in sbrugna...
EUVD-2017-4233
Malware in sbrugna...
EUVD-2021-14896
Malware in sbrugna...
EUVD-2020-24448
Malware in sbrugna...
EUVD-2002-1422
Malware in sbrugna...
EUVD-2022-27938
Malicious code in bioql PyPI...
EUVD-2023-58231
Malicious code in bioql PyPI...
EUVD-2023-36981
Malicious code in bioql PyPI...
EUVD-2022-49126
Malicious code in bioql PyPI...
EUVD-2021-8789
Malicious code in bioql PyPI...
EUVD-2023-54407
Malicious code in bioql PyPI...