CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

528 matches found

NVD•added 2026/04/21 5:16 p.m.•1 views

CVE-2026-38834

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the dopingaction function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

7.3CVSS0.14404EPSS

Exploits1References1

NVD•added 2026/01/13 5:15 p.m.•1 views

CVE-2025-65784

Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request...

6.5CVSS0.0004EPSS

Exploits1References3

OSV•added 2026/01/13 4:15 p.m.•0 views

CVE-2025-65783

An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows attackers to execute arbitrary code via uploading a crafted PDF file...

9.8CVSS6.1AI score0.00118EPSS

Exploits0References3

CVE•added 2026/01/13 12:0 a.m.•6 views

CVE-2025-65783

CVE-2025-65783: Hubert Hub v2.0 1.27.3 contains an arbitrary file upload flaw in /utils/uploadFile that allows an attacker to execute arbitrary code by uploading a crafted PDF. The description and connected Red Hat/NVD entries confirm the vulnerability type and impact (remote, no authentication, ...

9.8CVSS7.5AI score0.00118EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/01/13 12:0 a.m.•3 views

PT-2026-2486

Name of the Vulnerable Software and Affected Versions Hubert Imoveis e Administracao Ltda Hub v2.0 version 1.27.3 Description The software contains insecure permissions that allow authenticated attackers with low-level privileges to access other users' information through a specially crafted API...

6.5CVSS5.4AI score0.0004EPSS

Exploits1References7

RedhatCVE•added 2026/01/09 11:24 a.m.•4 views

CVE-2021-31327

Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field...

5.4CVSS6AI score0.0037EPSS

Exploits1References1

Positive Technologies•added 2025/12/18 12:0 a.m.•2 views

PT-2025-52248

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 admin password is stored in configuration file as plaintext and can be obtained by unauthorized user by direct references to the resource in question. The vendor was notified early about this vulnerability, but didn't respond with th...

8.7CVSS6.8AI score0.00097EPSS

Exploits0References4

OSV•added 2025/10/27 7:16 p.m.•1 views

AZL-69619 CVE-2025-61099 affecting package frr for versions less than 8.5.5-5

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaqueinfodetail function at ospfopaque.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted LS Update packet...

7.5CVSS5.8AI score0.00201EPSS

Exploits1References1

CVE•added 2025/10/10 9:30 a.m.•8 views

CVE-2025-52650

CVE-2025-52650 – HCL AION v2.0 : A CSP-related issue allows inline script execution due to improper CSP enforcement in HCL AION version 2.0. The root cause is CSP misconfiguration that fails to block inline scripts, enabling potential script injection within the application. Documented sources (P...

8.2CVSS6.8AI score0.00053EPSS

Exploits0References1Affected Software1