CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

193 matches found

Snyk•added 2026/05/11 9:0 p.m.•8 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS

Exploits3References2

RedhatCVE•added 2026/01/23 9:15 p.m.•3 views

CVE-2026-22450

Missing Authorization vulnerability in Select-Themes Don Peppe donpeppe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Don Peppe: from n/a through = 1.3...

4.3CVSS5.4AI score0.00185EPSS

Exploits0References1

NVD•added 2026/01/22 5:16 p.m.•2 views

CVE-2025-68058

Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through = 1.3..4...

7.6CVSS0.00282EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:19 a.m.•6 views

CVE-2021-22432

There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access...

10CVSS6.9AI score0.00859EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:47 a.m.•9 views

CVE-2022-31698

The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header...

5.3CVSS6.7AI score0.47795EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:19 a.m.•7 views

CVE-2019-18330

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server All versions. An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability...

9.8CVSS7.3AI score0.02672EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:17 a.m.•4 views

CVE-2019-18320

A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with network access to the Application Server could be able to upload arbitrary files without authentication. Please note that an attacker needs to have network access to the...

7.5CVSS6.5AI score0.01067EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:13 a.m.•7 views

CVE-2019-2642

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with...

8.2CVSS7.2AI score0.01287EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:52 a.m.•6 views

CVE-2021-2235

Vulnerability in the Oracle Transportation Execution product of Oracle E-Business Suite component: Install and Upgrade. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

8.1CVSS7AI score0.012EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:34 a.m.•9 views

CVE-2024-41691

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary...

7CVSS6.9AI score0.00152EPSS

Exploits0References1