CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

541 matches found

CVE•added 2026/05/26 12:57 p.m.•29 views

CVE-2026-48136

CVE-2026-48136 affects Check Point Multi-Domain Management where, when Compliance is enabled, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata for Compliance Best Practices in another CMA where they have no access, effectively bypassi...

4.1CVSS5.8AI score0.03796EPSS

Exploits0References1

Positive Technologies•added 2026/05/26 12:0 a.m.•9 views

PT-2026-43376

Name of the Vulnerable Software and Affected Versions IBM Engineering Lifecycle Management versions 7.0.3 through Interim Fix 021 IBM Engineering Lifecycle Management versions 7.1.0 through Interim Fix 009 IBM Engineering Lifecycle Management versions 7.2.0 through Interim Fix 001 Description An...

7.2CVSS5.9AI score0.00369EPSS

Exploits0References4

EUVD•added 2026/04/17 6:31 a.m.•3 views

EUVD-2026-23366

An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command...

8.6CVSS6AI score0.01233EPSS

Exploits0References3

ATTACKERKB•added 2026/04/17 4:33 a.m.•1 views

CVE-2026-35496

A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible...

5.1CVSS5.8AI score0.0032EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/04/17 12:0 a.m.•2 views

PT-2026-33408

An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command...

8.6CVSS7.3AI score0.01233EPSS

Exploits0References3

Vulnrichment•added 2026/03/16 5:21 a.m.•2 views

CVE-2026-31386

OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with the administrative privilege...

8.6CVSS5.8AI score0.01513EPSS

Exploits0References3

Positive Technologies•added 2026/03/16 12:0 a.m.•4 views

PT-2026-25612

Name of the Vulnerable Software and Affected Versions OpenLiteSpeed and LSWS Enterprise versions affected versions not specified Description OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection issue. An attacker with administrative privileges can...

8.6CVSS7.3AI score0.01513EPSS

Exploits0References9

Tenable Nessus•added 2026/02/05 12:0 a.m.•2 views

EPSON Printers Cross-site Scripting (CVE-2023-23572)

Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. Note Web Config is the software that allows users to check the status and change the settings of SEIKO EPS...

4.8CVSS5.4AI score0.00503EPSS

Exploits0References3

Vulnrichment•added 2026/01/13 10:51 p.m.•3 views

CVE-2020-36911 Covenant 0.5 - Remote Code Execution (RCE)

Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system...

9.8CVSS8.5AI score0.10447EPSS

Exploits1References7

RedhatCVE•added 2026/01/09 12:34 p.m.•7 views

CVE-2023-31198

OS command injection vulnerability exists in Wi-Fi AP UNIT allows. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. Affected products and versions are as follows: AC-PD-WAPU v1.05B04 and earlier, AC-PD-WAPUM...

7.2CVSS7.5AI score0.01476EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:50 a.m.•5 views

CVE-2022-37346

EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an administrative...

9.8CVSS7.2AI score0.00956EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:18 a.m.•5 views

CVE-2019-18345

A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an...

9.3CVSS6.1AI score0.02242EPSS

Exploits4References1

RedhatCVE•added 2026/01/09 9:5 a.m.•7 views

CVE-2024-34021

Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution...

6.8CVSS7.1AI score0.00367EPSS

Exploits0References1

EUVD•added 2025/12/17 7:10 p.m.•4 views

EUVD-2025-203921

ChurchCRM is an open-source church management system. Prior to version 6.5.3, a SQL injection vulnerability exists in the src/UserEditor.php file. When an administrator saves a user's configuration settings, the keys of the type POST parameter array are not properly sanitized or type-casted befor...

7.2CVSS7.8AI score0.00346EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2020-26798

Malware in sbrugna...

6.8CVSS7.1AI score0.00372EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-1318

Malware in sbrugna...

9CVSS6.2AI score0.02475EPSS

Exploits0References4