CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

34 matches found

SUSE CVE•added 2026/05/13 3:48 a.m.•4 views

SUSE CVE-2026-7815

SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...

8.8CVSS6.2AI score0.00045EPSS

Exploits0References3

EUVD•added 2026/05/11 6:31 p.m.•3 views

EUVD-2026-29083

8.8CVSS6.2AI score0.00045EPSS

Exploits0References2

Cvelist•added 2026/02/26 12:5 a.m.•17 views

CVE-2026-26186 Fleet has a SQL injection via backtick escape in ORDER BY parameter

Fleet is open source device management software. A SQL injection vulnerability in versions prior to 4.80.1 allowed authenticated users to inject arbitrary SQL expressions via the orderkey query parameter. Due to unsafe use of goqu.I when constructing the ORDER BY clause, specially crafted input...

7.2CVSS0.0006EPSS

Exploits0References1

OSV•added 2026/02/06 6:37 p.m.•3 views

GHSA-2WW3-72RP-WPP4 Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK

Impact What kind of vulnerability is it? Who is impacted? An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. Developers who have built applications which include Microsoft's Semantic Kernel .NET SDK and...

9.9CVSS5.5AI score0.00067EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-34759

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.0015EPSS

Exploits0References3

Tenable Nessus•added 2025/08/27 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2022-2501

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacke...

7.5CVSS7.3AI score0.0015EPSS

Exploits0References2

Positive Technologies•added 2025/07/21 12:0 a.m.•5 views

PT-2025-30360 · Librenms · Librenms

Name of the Vulnerable Software and Affected Versions: LibreNMS versions 25.6.0 and below Description: LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring system. Versions 25.6.0 and below contain an architectural vulnerability in the /ajax form.php endpoint that permits Remot...

7.5CVSS6.9AI score0.00085EPSS

Exploits1References16

RedhatCVE•added 2025/05/23 1:8 a.m.•5 views

CVE-2022-2501

An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required...

7.5CVSS6.5AI score0.0015EPSS

Exploits0References1

OSV•added 2024/03/29 7:3 p.m.•18 views

GHSA-W387-5QQW-7G8M Content-Security-Policy header generation in middleware could be compromised by malicious injections

Impact When the following conditions are met: - Automated CSP headers generation for SSR content is enabled - The web application serves content that can be partially controlled by external users Then it is possible that the CSP headers generation feature might be "allow-listing" malicious inject...

8.7CVSS7.6AI score0.00949EPSS

Exploits0References6

Github Security Blog•added 2024/03/29 7:3 p.m.•20 views

Content-Security-Policy header generation in middleware could be compromised by malicious injections

7.5CVSS7.1AI score0.00949EPSS

Exploits0References6Affected Software1

NVD•added 2024/03/28 1:15 p.m.•14 views

CVE-2024-29896

Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the C...

7.5CVSS7.5AI score0.00949EPSS

Exploits0References2

OSV•added 2024/03/06 11:15 a.m.•14 views

BIT-GITLAB-2022-2501

7.5CVSS7.3AI score0.0015EPSS

Exploits0References4

ATTACKERKB•added 2024/01/11 2:15 p.m.•0 views

CVE-2023-51750

ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...

4.6CVSS5.8AI score0.00238EPSS

Exploits0References4

NVD•added 2024/01/11 2:15 p.m.•13 views

CVE-2023-51750

4.6CVSS4.8AI score0.00238EPSS

Exploits0References3

NVD•added 2024/01/11 2:15 p.m.•11 views

CVE-2023-51749

ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...

8.8CVSS8.6AI score0.00094EPSS

Exploits1References3