CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

Vulnrichment•added 2026/05/22 12:17 p.m.•11 views

CVE-2026-44618 Apache CXF: XXE vulnerability in WS-Transfer functionality

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

5.7AI score0.00416EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:33 a.m.•5 views

CVE-2024-41942

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to versions 4.1.6 and 5.1.0, if a user is granted the admin:users scope, they may escalate their own privileges by making themselves a full admin user. The impact is relatively small in that...

7.2CVSS7.1AI score0.0059EPSS

Exploits0References1

CNNVD•added 2025/11/26 12:0 a.m.•3 views

WordPress plugin Houzez 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

6.3CVSS7.2AI score0.00216EPSS

Exploits0References3

Tenable Nessus•added 2025/08/20 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2023-23969

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsin...

7.5CVSS6.8AI score0.47102EPSS

Exploits0References2

NVD•added 2025/01/24 6:15 p.m.•7 views

CVE-2025-24562

Cross-Site Request Forgery CSRF vulnerability in Optimal Access KBucket kbucket allows Stored XSS.This issue affects KBucket: from n/a through = 4.1.6...

7.1CVSS0.00178EPSS

Exploits0References1

Positive Technologies•added 2025/01/24 12:0 a.m.•2 views

PT-2025-5407 · Kbucket · Kbucket

Name of the Vulnerable Software and Affected Versions: KBucket versions through 4.1.6 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. Recommendations: For versions through 4.1.6, update to a version that contains a fix for this issue. At the momen...

7.1CVSS6.8AI score0.00178EPSS

Exploits0References3

OSV•added 2024/08/08 3:15 p.m.•8 views

PYSEC-2024-200

7.2CVSS7.2AI score0.0059EPSS

Exploits0References3

NVD•added 2024/08/08 3:15 p.m.•15 views

CVE-2024-41942

7.2CVSS0.0059EPSS

Exploits0References3

UbuntuCve•added 2024/08/08 3:15 p.m.•12 views

CVE-2024-41942

7.2CVSS7AI score0.0059EPSS

Exploits0References6

OSV•added 2024/08/08 3:15 p.m.•1 views

UBUNTU-CVE-2024-41942

7.2CVSS7.1AI score0.0059EPSS

Exploits0References7

Cvelist•added 2024/08/08 2:36 p.m.•31 views

CVE-2024-41942 JupyterHub has a privilege escalation vulnerability with the `admin:users` scope

7.2CVSS0.0059EPSS

Exploits0References3

Debian CVE•added 2024/08/08 2:36 p.m.•15 views

CVE-2024-41942

7.2CVSS7.2AI score0.0059EPSS

Exploits0

CVE•added 2024/08/08 2:36 p.m.•304 views

CVE-2024-41942

CVE-2024-41942 – JupyterHub privilege escalation : Prior to versions 4.1.6 and 5.1.0, a user with the admin:users scope can elevate themselves to a full admin user. The issue arises from treating admin:users as equivalent to admin=True, enabling unauthorized elevation within JupyterHub’s admin sc...

7.2CVSS7.3AI score0.0059EPSS

Exploits0References3Affected Software1