224 matches found
Astra Linux - vulnerability in ansible
A flaw was discovered in Ansible. The ansible-core user module allows an unprivileged user to silently create or replace the contents of any file on any system path, and to take ownership of that file when a privileged user executes the user module against the unprivileged user’s home directory. ...
EUVD-2026-11706
The Honeywell IQ4x building management controller exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest level 100 context, granting read/write...
CVE-2021-47917
CVE-2021-47917 affects Simple CMS 2.1. It describes a persistent cross-site scripting (XSS) vulnerability in user input parameters that attackers can inject via the newUser and editUser modules. The injected scripts can execute on the user list preview, potentially leading to session hijacking an...
PT-2026-5562
Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...
CVE-2023-49244
Permission management vulnerability in the multi-user module. Successful exploitation of this vulnerability may affect service confidentiality...
Insertion of Sensitive Information into Log File
Overview: ansible is a simple IT automation system. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the community.general.keycloakuser module due to exposing the credentials.value field in verbose output. An attacker can obtain sensitive...
Remote Code Execution (RCE)
Dolibarr is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of the computed field parameter in the User module configuration, which allows an attacker to inject malicious input and execute arbitrary code...
EUVD-2025-44060
Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module delete-user.php allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF...
EUVD-2019-3484
Malware in sbrugna...
EUVD-2019-3485
Malware in sbrugna...
EUVD-2012-3783
Malware in sbrugna...
EUVD-2012-3752
Malware in sbrugna...
EUVD-2018-0017
Malware in sbrugna...
EUVD-2012-1322
Malware in sbrugna...
EUVD-2008-4771
Malware in sbrugna...
EUVD-2017-0002
Malware in sbrugna...
EUVD-2022-48115
Malicious code in bioql PyPI...
EUVD-2022-42419
Malicious code in bioql PyPI...
EUVD-2022-3829
Malicious code in bioql PyPI...
EUVD-2024-0725
Malicious code in bioql PyPI...