CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

108 matches found

Debian CVE•added 2026/03/25 7:43 p.m.•2 views

CVE-2026-33217

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message subjects, these ACLs were not applied in the $MQTT. namespace, allowing MQTT clients to bypass ACL checks for MQTT subjects. Versions...

7.1CVSS6.1AI score0.00036EPSS

Exploits0

OSV•added 2026/03/19 11:5 p.m.•1 views

CVE-2026-29189 SuiteCRM has a REST API V8 IDOR: Missing ACL Checks on User Preferences and Relationship Endpoints

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the SuiteCRM REST API V8 has missing ACL Access Control List checks on several endpoints, allowing authenticated users to access and manipulate data they...

8.1CVSS5.9AI score0.00016EPSS

Exploits0References4

ATTACKERKB•added 2026/03/19 11:5 p.m.•2 views

CVE-2026-29189

8.1CVSS5.8AI score0.00016EPSS

Exploits0References3Affected Software1

EUVD•added 2026/03/19 8:30 p.m.•3 views

EUVD-2026-13227

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the optional FaxSMS module oe-module-faxsms allows any authenticated OpenEMR user to invoke controller methods — including getNotificationLog, whic...

5.4CVSS5.9AI score0.00081EPSS

Exploits1References2

SUSE Linux•added 2026/01/21 8:4 a.m.•4 views

Security update for libvirt

This update for libvirt fixes the following issues: CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots bsc1253703 CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML bsc1253278 Patch Instructions: To install this SUSE update use the SUSE...

6.9CVSS5.5AI score0.00109EPSS

Exploits0References8

RedhatCVE•added 2026/01/09 10:33 a.m.•5 views

CVE-2017-18478

In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions SEC-207...

6.5CVSS7AI score0.00367EPSS

Exploits0References1

SUSE Linux•added 2026/01/09 8:1 a.m.•2 views

Security update for libvirt

This update for libvirt fixes the following issues: Security fixes: CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots bsc1253703 CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML bsc1253278 Other fixes: libvirt-supportconfig: Add support for...

6.9CVSS7.1AI score0.00109EPSS

Exploits0References10

OSV•added 2026/01/09 8:1 a.m.•0 views

SUSE-SU-2026:0079-1 Security update for libvirt

This update for libvirt fixes the following issues: Security fixes: - CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots bsc1253703 - CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML bsc1253278 Other fixes: - libvirt-supportconfig: Add support...

5.5CVSS5.8AI score0.00109EPSS

Exploits0References6

SUSE Linux•added 2026/01/08 12:22 p.m.•3 views

Security update for libvirt

This update for libvirt fixes the following issues: CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots bsc1253703 CVE-2025-12748: Fixed Check ACLs before parsing the whole domain XML bsc1253278 Patch Instructions: To install this SUSE update use the SUSE...

6.9CVSS7.1AI score0.00109EPSS

Exploits0References8

Positive Technologies•added 2026/01/01 12:0 a.m.•1 views

PT-2026-29244

Name of the Vulnerable Software and Affected Versions versions prior to the fix for CVE-2026-24029 Description When the early acl drop or earlyACLDrop in Lua option is disabled, and a DNS over HTTPs frontend is utilizing the nghttp2 provider, the Access Control List ACL check is bypassed. This...

8.2CVSS5AI score0.00014EPSS

Exploits0References25

Tenable Nessus•added 2025/12/31 12:0 a.m.•3 views

Unity Linux 20.1070e Security Update: libvirt (UTSA-2025-993323)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993323 advisory. A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicio...

5.5CVSS5.5AI score0.00109EPSS

Exploits0References4

OSV•added 2025/12/12 12:20 p.m.•2 views

OESA-2025-2814 libvirt security update

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: A flaw was discovered in libvirt in the XML file processing. More specifically, t...

5.5CVSS6.6AI score0.00109EPSS

Exploits0References2

SUSE CVE•added 2025/11/13 12:44 a.m.•1 views

SUSE CVE-2025-12748

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...

5.5CVSS8.6AI score0.00109EPSS

Exploits0References14

CVE•added 2025/11/11 7:49 p.m.•420 views

CVE-2025-12748

CVE-2025-12748 is a libvirt vulnerability arising from XML file processing where parsing occurs before ACL checks, allowing a malicious XML payload with limited permissions to trigger excessive host memory allocation and a denial-of-service in the libvirt process. Connected advisories confirm aff...

5.5CVSS5.9AI score0.00109EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-12861

Malware in sbrugna...

7.5CVSS7.4AI score0.00009EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-12851

Malware in sbrugna...

5.3CVSS5.3AI score0.00008EPSS

Exploits0References2