CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

666 matches found

CVE-2026-46915

Vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite component: Production. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...

8.5CVSS0.0037EPSS

Exploits0References1

vulnersOsv•added 2026/04/16 10:36 p.m.•8 views

@afd-software/angular-ng-autocomplete (=14.0.0), @angularexpert/my-workspace (=0.0.0) +147 more potentially affected by CVE-2026-41423 via @angular/platform-server (>=0.0.0-0 <=18.2.14)

@angular/platform-server NPM version =0.0.0-0, =5.0.0, =1.0.0, =0.0.1, =2.0.0, =0.0.6, =19.3.0, =1.5.0, =1.4.1, =1.5.2 - @nani-creative-labs/app-builder =1.0.0 - @nger/angular =1.0.3 and more Source cves: CVE-2026-41423 Source advisory: OSV:GHSA-45Q2-GJVG-7973...

8.7CVSS5.4AI score0.00246EPSS

Exploits0

ATTACKERKB•added 2026/04/14 12:6 a.m.•1 views

CVE-2026-0512

Due to a Cross-Site Scripting XSS vulnerability in the SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow t...

6.1CVSS6AI score0.00226EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/04/13 12:0 a.m.•6 views

PT-2026-32248

UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...

5.7CVSS5.8AI score0.00099EPSS

Exploits0References2

vulnersOsv•added 2026/04/03 9:35 p.m.•3 views

fabricauthenticator (>=0.0.2.5 <=1.3.4rc0), jupyterhub-ltiauthenticator (=1.3.0) +7 more potentially affected by CVE-2026-33175 via oauthenticator (>=14.0.0 <=16.3.1)

oauthenticator PYPI version =14.0.0, =0.0.2.5, =3.0.0, =1.0.2, =0.1.0, =1.1.9, =0.5.0, =0.2.25, =0.3.2 Source cves: CVE-2026-33175 Source advisory: OSV:GHSA-RRVG-CXH4-QHRV...

8.8CVSS5.4AI score0.00355EPSS

Exploits0

Cvelist•added 2026/03/05 7:10 a.m.•22 views

CVE-2026-28536

Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality...

9.6CVSS0.00183EPSS

Exploits0References3

SUSE CVE•added 2026/01/10 12:23 a.m.•3 views

SUSE CVE-2026-21860

Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safejoin function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc that are implicitly present...

6.3CVSS6.9AI score0.00424EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 10:17 a.m.•6 views

CVE-2019-2597

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: PIA Core Technology. Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...

5.8CVSS5.6AI score0.0098EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:3 a.m.•14 views

CVE-2024-39670

Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploitation of this vulnerability will affect availability...

6.2CVSS7.2AI score0.0011EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:52 a.m.•6 views

CVE-2021-2288

Vulnerability in the Oracle Bills of Material product of Oracle E-Business Suite component: Bill Issues. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Bills of Material...

8.1CVSS6.9AI score0.00931EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:46 a.m.•5 views

CVE-2025-23884

Cross-Site Request Forgery CSRF vulnerability in Chris Roberts Annie annie allows Cross Site Request Forgery.This issue affects Annie: from n/a through = 2.1.1...

7.1CVSS7.2AI score0.00197EPSS

Exploits0References1

Positive Technologies•added 2025/11/19 12:0 a.m.•5 views

PT-2025-47476

Name of the Vulnerable Software and Affected Versions Looker versions prior to 24.12.106 Looker versions 24.12.106 through 24.18.198 Looker versions prior to 25.0.75 Looker versions 25.0.75 through 25.6.63 Looker versions prior to 25.6.63 Looker versions 25.6.63 through 25.8.45 Looker versions...

6CVSS5.5AI score0.00231EPSS

Exploits0References5

Cvelist•added 2025/11/11 4:50 p.m.•6 views

CVE-2025-27712

Improper neutralization for some IntelR Neural Compressor software before version v3.4 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This...

5.7CVSS0.00102EPSS

Exploits0References1

Japan Vulnerability Notes•added 2025/10/22 4:54 a.m.•5 views

Multiple stored cross-site scripting vulnerabilities in Movable Type

Overview Movable Type provided by Six Apart Ltd. contains multiple stored cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in Edit ContentData page CWE-79 - CVE-2025-54856 Stored cross-site scripting vulnerability in Edit CategorySet of ContentType page...

4.8CVSS6.1AI score0.00188EPSS

Exploits0References6