CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

297 matches found

Adobe AEM Dispatcher <4.15 - Rules Bypass

Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. id: CVE-2016-0957 info: name: Adobe AEM Dispatcher 4.15 - Rules Bypass author: geeknik severity:...

7.8CVSS7.2AI score0.93186EPSS

Exploits0References5

Nuclei•added 2 days ago•111 views

Adobe Experience Manager - Expression Language Injection

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 has an expression language injection vulnerability. id: CVE-2019-16469 info: name: Adobe Experience Manager - Expression Language Injection author: DomenicoVeneziano severity: high description: | Adobe Experience Manager versions...

7.5CVSS7.1AI score0.70604EPSS

Exploits0References3

NVD•added 3 days ago•6 views

CVE-2026-10274

A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the component Axios Request Flow. Executing a manipulation of the argument assetPath can lead to server-si...

6.5CVSS0.00043EPSS

Exploits0References6

Cvelist•added 3 days ago•24 views

CVE-2026-10274 indrasishbanerjee aem-mcp-server Axios Request Flow mcp-server.ts getAssetMetadata server-side request forgery

6.5CVSS0.00043EPSS

Exploits0References6

CVE•added 3 days ago•9 views

CVE-2026-10274

Summary: CVE-2026-10274 concerns the indrasishbanerjee aem-mcp-server (up to commit b5f833aef9b5dfd17a5991b3b18a8a11edbdc583) and affects the function getAssetMetadata in file src/mcp-server.ts within the Axios Request Flow component. By manipulating the argument assetPath, a remote attacker can ...

6.5CVSS6.3AI score0.00043EPSS

Exploits0References6

Vulnrichment•added 3 days ago•7 views

CVE-2026-10274 indrasishbanerjee aem-mcp-server Axios Request Flow mcp-server.ts getAssetMetadata server-side request forgery

6.5CVSS5.5AI score0.00043EPSS

Exploits0References6

Snyk•added 2026/01/28 4:33 p.m.•2 views

Malicious Package

Overview aem-guides-wknd-app is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score

Exploits0References2

RedhatCVE•added 2025/12/11 7:1 p.m.•2 views

CVE-2025-64801

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.5AI score0.00025EPSS

Exploits0References1

OSV•added 2025/12/10 7:16 p.m.•0 views

CVE-2025-64564

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction,...

5.4CVSS5.9AI score

Exploits0References1

OSV•added 2025/12/10 7:16 p.m.•0 views

CVE-2025-64550

5.4CVSS5.8AI score

Exploits0References1

CVE•added 2025/12/10 6:24 p.m.•9 views

CVE-2025-64598

CVE-2025-64598 affects Adobe Experience Manager (AEM) 6.5.23 and earlier with a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. The issue allows a low-privilege attacker to inject malicious scripts and have them execute in a victim’s browser when visiting a page contain...

5.4CVSS5.1AI score0.00025EPSS

Exploits0References1Affected Software1

Tenable Nessus•added 2025/12/04 12:0 a.m.•3 views

Adobe Experience Manager (AEM) Dispatcher Bypass

The remote Adobe Experience Manager AEM is affected by a dispatcher misconfiguration that allows for security filter bypass. By sending a specially crafted request, an unauthenticated, remote attacker can access internal endpoints, such as the QueryBuilder JSON API. A successful exploit could lea...

6.5AI score

Exploits0References2