423 matches found
EUVD-2026-33229
An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...
Jenkins Script Security Plugin: Missing permission checks allow enumeration of pending and approved classpaths
Jenkins Script Security Plugin versions 1399.ve6a66547f6e1 and earlier do not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths. Script Security Plugin 1402.v94c9ce464861 requires...
CVE-2026-0748
CVE-2026-0748 affects the Drupal 7 Internationalization (i18n) module, specifically the i18n_node submodule. The vulnerability allows a user who has both Translate content and Administer content translations permissions to view and attach unpublished nodes via the translation UI and its autocompl...
CVE-2025-14923
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2: IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings...
PT-2026-22090
Name of the Vulnerable Software and Affected Versions: Drupal Responsive Favicons versions prior to 2.0.2. Description: A flaw exists in the Drupal Responsive Favicons module where administrator-entered text is not properly filtered, leading to a Cross-Site Scripting (XSS) issue. An attacker must...
DRUPAL-CONTRIB-2026-003
This module integrates the AT Internet SmartTag service. The module does not filter administrator-entered text, leading to a persistent Cross-site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer atsmarttag"...
PT-2026-2969
This module integrates the AT Internet Piano Analytics service. The module does not filter administrator-entered text, leading to a persistent Cross-site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...
EUVD-2025-201280
DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...
EUVD-2013-1803
Malware in sbrugna...
EUVD-2014-8577
Malware in sbrugna...
EUVD-2018-17475
Malware in sbrugna...
EUVD-2014-7827
Malware in sbrugna...
EUVD-2012-1642
Malware in sbrugna...
EUVD-2014-7828
Malware in sbrugna...
EUVD-2013-4364
Malware in sbrugna...
EUVD-2014-7926
Malware in sbrugna...
EUVD-2014-4231
Malware in sbrugna...
EUVD-2012-5939
Malware in sbrugna...
EUVD-2015-3413
Malware in sbrugna...
EUVD-2024-22968
Malicious code in bioql PyPI...