Pterodactyl Panel - Remote Code Execution
Pterodactyl is a free, open-source game server management panel. Using the /locales/locale.json endpoint with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. id: CVE-2025-49132 info: name: Pterodactyl Panel - Remote Code Execution...
Linux Distros Unpatched Vulnerability : CVE-2025-65114
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0...
CVE-2024-41960
mailcow: dockerized is an open source groupware/email suite based on Docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scrip...
CVE-2023-45823
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories load...
CVE-2022-23626
m1k1o/blog is a lightweight self-hosted Facebook-styled PHP blog. Errors from functions imagecreatefrom and image have not been checked properly. Although PHP issued warnings and the upload function returned false, the original file that could contain a malicious payload was kept on the disk. Use...
CVE-2024-41121
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allows any user who can trigger a pipeline to create and run malicious workflows: 1. Those workflows can either lead to a takeover of the host that runs the agent executing the workflow. 2. Or allow to extract the secrets w...
CVE-2019-16765
If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality [CVE-2025-1993]
Summary IBM App Connect Enterprise Certified Container DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user. This bulletin provides patch information to address the vulnerability in I...
EUVD-2020-0560
Malware in sbrugna...
EUVD-2020-0091
Malware in sbrugna...
EUVD-2024-50806
Malicious code in bioql PyPI...
EUVD-2022-6128
Malicious code in bioql PyPI...
EUVD-2024-44827
Malicious code in bioql PyPI...
EUVD-2022-6685
Malicious code in bioql PyPI...
EUVD-2022-28583
Malicious code in bioql PyPI...
EUVD-2023-1192
Malicious code in bioql PyPI...
EUVD-2023-2711
Malicious code in bioql PyPI...
EUVD-2025-13497
Malicious code in bioql PyPI...
EUVD-2022-29587
Malicious code in bioql PyPI...
EUVD-2024-52860
Malicious code in bioql PyPI...