
82 matches found

NVD
added last week, 9 views

CVE-2026-44238

FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges ar...

8.8 CVSS, 0.00058 EPSS
Exploits 0, References 1
CNNVD
added 2026/05/20 12:0 a.m., 4 views

Taiko AG1000-01A SMS Alert Gateway Access Control Error Vulnerability

The Taiko AG1000-01A SMS Alert Gateway is an industrial communication gateway device developed by Taiko Company in Singapore. Both the Rev 7.3 and Rev 8 versions of the Taiko AG1000-01A SMS Alert Gateway contain access control vulnerability issues. This vulnerability stems from an authentication...

9.8 CVSS, 5.8 AI score, 0.00258 EPSS
Exploits 0, References 1
CVE
added 2026/05/13 2:12 p.m., 9 views

CVE-2026-41217

The CVE-2026-41217 entry describes a vulnerability in an undisclosed BIG-IP TMOS Shell (tmsh) command that can allow an authenticated user with resource administrator or administrator role to execute arbitrary system commands with elevated privileges. In Appliance mode, a successful exploit can c...

8.3 CVSS, 5.8 AI score, 0.00026 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/05/06 7:54 p.m., 4 views

CVE-2026-40325 Masa CMS CSRF in content restoration allows unauthorized restoration of deleted content

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.restore function does not properly validate anti-CSRF tokens for content restoration requests. An attacker can trick a logged-in administrator to submit a forged request that restores deleted...

8.7 CVSS, 5.7 AI score, 0.00025 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/03/17 12:0 a.m., 4 views

PT-2026-25951

CVE-2026-1267 IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of pro… https://t.co/BQ9nfoG4xS...

6.5 CVSS, 5.8 AI score, 0.00019 EPSS
Exploits 0, References 3
ATTACKERKB
added 2026/02/11 12:16 p.m., 2 views

CVE-2025-58471

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of...

5.1 CVSS, 5.6 AI score, 0.00046 EPSS
Exploits 0, References 2, Affected Software 1
Github Security Blog
added 2026/01/08 9:36 p.m., 9 views

Ghost has SSRF via External Media Inliner

Impact: A vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. Vulnerable versions: This vulnerability is present in Ghost v5.38.0 to v5.130.5 to and Ghost v6.0.0 ...

5.1 CVSS, 7.1 AI score, 0.00068 EPSS
Exploits 0, References 5, Affected Software 1
Snyk
added 2026/01/05 6:10 p.m., 3 views

Template Injection

Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Template Injection via the map filter in Twig templates when processing text fields that accept Twig input in the control panel settings or through the System Messages utility. An attacker ca...

8.8 CVSS, 7.8 AI score, 0.00519 EPSS
Exploits 1, References 2
NVD
added 2025/11/04 5:16 p.m., 4 views

CVE-2025-61956

Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots...

10 CVSS, 0.002 EPSS
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2007-5743

Malware in sbrugna...

4.3 CVSS, 6.4 AI score, 0.00562 EPSS
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-19365

Malware in sbrugna...

10 CVSS, 9.1 AI score, 0.03949 EPSS
Exploits 1, References 6
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-14729

Malware in sbrugna...

8.5 CVSS, 8 AI score, 0.0137 EPSS
Exploits 1, References 3
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2016-9918

Malware in sbrugna...

8 CVSS, 7 AI score, 0.01223 EPSS
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2011-3527

Malware in sbrugna...

2.1 CVSS, 6.1 AI score, 0.00056 EPSS
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2008-3214

Malware in sbrugna...

10 CVSS, 6.4 AI score, 0.00009 EPSS
Exploits 0, References 5
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-0188

Malware in sbrugna...

9.8 CVSS, 9.5 AI score, 0.00788 EPSS
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-6100

Malware in sbrugna...

4.3 CVSS, 4.7 AI score, 0.00248 EPSS
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2015-0593

Malware in sbrugna...

6.5 CVSS, 6.4 AI score, 0.00105 EPSS
Exploits 0, References 5
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-30107

Malicious code in bioql PyPI...

8.8 CVSS, 8.6 AI score, 0.00509 EPSS
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-2472

Malicious code in bioql PyPI...

8.3 CVSS, 6.4 AI score, 0.00429 EPSS
Exploits 0, References 7