CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3192 matches found

CVE-2019-25723

CVE-2019-25723 describes an improper input handling vulnerability in Dräger Perseus A500 software 2.00–2.02 . An external attacker can cause a DoS by sending specially crafted, non-Medibus‑compliant data through the Medibus interface , flooding the internal processor and triggering a warm restart...

6.3CVSS5.8AI score0.00043EPSS

Exploits0References2

Nuclei•added 3 days ago•110 views

XWiki Platform - Remote Code Execution

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document SkinsCode.XWikiSkinsSheet leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute...

9.9CVSS8AI score0.90263EPSS

Exploits1References4

Positive Technologies•added 2026/02/05 12:0 a.m.•4 views

PT-2026-6581

Name of the Vulnerable Software and Affected Versions 10-Strike Network Inventory Explorer version 9.03 Description The software contains a buffer overflow issue in the file import functionality that enables remote attackers to run code without authorization. An attacker can create a specially...

9.8CVSS6.5AI score0.00053EPSS

Exploits0References6

Positive Technologies•added 2026/02/03 12:0 a.m.•2 views

PT-2026-5838

Name of the Vulnerable Software and Affected Versions School ERP Pro version 1.0 Description School ERP Pro version 1.0 has a flaw that allows attackers to read arbitrary files without needing to log in. This is possible by manipulating the document parameter within the 'download.php' file. By...

8.7CVSS5.6AI score0.02185EPSS

Exploits1References7

EUVD•added 2026/02/01 12:56 p.m.•2 views

EUVD-2021-34750

Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access...

7.1CVSS5.9AI score0.00666EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 9:24 a.m.•1 views

CVE-2023-40153

The affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary Java Script by injecting an XSS payload into the 'hostname' parameter of the vulnerable software...

6.1CVSS6AI score0.00259EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:46 a.m.•2 views

CVE-2025-23569

Cross-Site Request Forgery CSRF vulnerability in Kelvin Ng Shortcode in Comment shortcode-in-comment allows Stored XSS.This issue affects Shortcode in Comment: from n/a through = 1.1.1...

7.1CVSS7.2AI score0.00041EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:43 a.m.•8 views

CVE-2022-37922

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...

7.2CVSS7.7AI score0.0057EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:41 a.m.•5 views

CVE-1999-0661

A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as 1 TCP Wrappers 7.6, 2 util-linux 2.9g, 3 wuarchive ftpd wuftpd 2.2 and 2.1f, 4 IRC client ircII ircII 2.2.9, 5 OpenSSH 3.4p1, or 6 Sendmail 8.12.6...

10CVSS7AI score0.06416EPSS

Exploits0References1

Veracode•added 2025/12/01 1:20 p.m.•2 views

Arbitrary Code Execution

melisplatform/melis-cms-slider is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient validation of uploaded files, where the mcsdetailimg parameter in the saveDetailsForm endpoint accepts malicious file uploads, and attackers can exploit this to upload executable...

9.3CVSS8.1AI score0.01277EPSS

Exploits3References5Affected Software1

Positive Technologies•added 2025/11/18 12:0 a.m.•2 views

PT-2025-47299

Name of the Vulnerable Software and Affected Versions WinPlus version 24.11.27 Description A stored Cross-site Scripting XSS issue exists in WinPlus version 24.11.27 due to insufficient validation of user-supplied data. This allows a remote attacker to send a malicious query to an authenticated...

5.1CVSS5.9AI score0.00032EPSS

Exploits0References3

CVE•added 2025/11/05 12:0 a.m.•5 views

CVE-2025-56231

Tonec Internet Download Manager (IDM) 6.42.41.1 and earlier is affected by a Missing SSL Certificate Validation vulnerability in the update mechanism, allowing a remote attacker to bypass update protections. Affected component is the update/SSL validation routine; root cause details are consisten...

9.1CVSS6.5AI score0.00042EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2025/10/09 12:0 a.m.•2 views

PT-2025-41348

Name of the Vulnerable Software and Affected Versions Versions prior to 2.3 Description A memory corruption issue exists when processing an image encoding completion event. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...

7.8CVSS6.5AI score0.00018EPSS

Exploits0References5

RedhatCVE•added 2025/10/07 6:27 p.m.•2 views

CVE-2025-52658

HCL MyXalytics 6.6. product is affected by Use of Vulnerable/Outdated Versions Vulnerability...

3.5CVSS7AI score0.00082EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-4397

Malware in sbrugna...

7.5CVSS7.5AI score0.00322EPSS

Exploits0References2