PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting
PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header. id: CVE-2022-24181 info: name: PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting author: lucasljm2001,ekrause severit...
QNAP HBS 3 - Broken Access Control
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...
Kaseya Virtual System Administrator - Open Redirect
Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. id: CVE-2015-286...
GHSA-2CW7-V8FF-P88R vulnerabilities
Vulnerabilities for packages: ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset...
GHSA-53WW-G6WP-VWP6 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2025-3000 vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2026-46602 vulnerabilities
Vulnerabilities for packages: hugo-extended, mattermost, seaweedfs, filebrowser, mailpit...
GHSA-PWFV-328H-75X9 vulnerabilities
Vulnerabilities for packages: hugo-extended, mattermost, seaweedfs, filebrowser, mailpit...
GHSA-47QP-HQVX-6R3F vulnerabilities
Vulnerabilities for packages: apache-pulsar, kafka, apache-nifi, druid...
CVE-2026-54679
A flaw was found in jq, a command-line JSON processor. On 32-bit systems, a local attacker could exploit an integer overflow vulnerability in the jvpstringappend function. This could lead to a massive buffer overrun, resulting in a denial of service (DoS) condition. Mitigation Mitigation for this...
CVE-2026-40941
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass which allows self-signed packages. This issue has been fixed in version 1.2.31...
CVE-2026-50176
The CVE-2026-50176 entry concerns the WebSocket API which lacks a limit on the number of authentication requests. This absence of rate limiting can enable denial-of-service or brute-force attempts to gain unauthorized access. The issue is rated HIGH severity (CVSS v3.1: 7.5; CVSS v4.0: 8.7) with ...
CVE-2026-44622
CVE-2026-44622 affects EVoke Systems EVoke CSMS (charging stations). The vulnerability is described as insufficiently protected credentials, causing authentication identifiers to be publicly accessible via web-based mapping platforms. CVSS v3.1 base score 6.5 (MEDIUM) and CVSS v4.0 base score 6.9...
CVE-2026-44622 EVoke Systems EVoke CSMS Insufficiently Protected Credentials
Charging station authentication identifiers are publicly accessible via web-based mapping platforms...
GHSA-MGF9-4VPG-HJ56 vulnerabilities
Vulnerabilities for packages: mitmproxy...
GHSA-M2MM-5W64-P8P7 vulnerabilities
Vulnerabilities for packages: expat...
GHSA-FCHF-WVCC-QF9G vulnerabilities
Vulnerabilities for packages: expat...
GHSA-9JQ5-63HM-6Q5G vulnerabilities
Vulnerabilities for packages: expat...
GHSA-68VW-XV3C-52VP vulnerabilities
Vulnerabilities for packages: expat...
GHSA-638V-9W3R-GH6Q vulnerabilities
Vulnerabilities for packages: expat...