
38300 matches found

CNNVD
added 2026/02/04 12:0 a.m., 2 views

IBM Cloud Pak System Security Vulnerability

IBM Cloud Pak System is a fully configurable and pre-integrated software-based, full-stack, integrated infrastructure provided by IBM. This product supports deployment across hybrid cloud environments, as well as management and mobile application scenarios. There is a security vulnerability in IB...

CVSS 7.5, AI score 5.8, EPSS 0.00016
Exploits 0, References 1
OSV
added 2026/02/03 12:30 p.m., 3 views

GHSA-5CX4-W4FH-FR57 Moodle Affected by Improper Restriction of Excessive Authentication Attempts

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...

CVSS 7.5, AI score 5.5, EPSS 0.00035
Exploits 0, References 5
OSV
added 2026/02/03 11:15 a.m., 0 views

UBUNTU-CVE-2025-67853

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...

CVSS 7.5, AI score 5.8, EPSS 0.00035
Exploits 0, References 4
EUVD
added 2026/02/03 10:52 a.m., 2 views

EUVD-2025-206748

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...

CVSS 7.5, AI score 5.5, EPSS 0.00035
Exploits 0, References 2
EUVD
added 2026/02/03 9:28 a.m., 1 views

EUVD-2025-206732

HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system...

CVSS 7.1, AI score 5.6, EPSS 0.00026
Exploits 0, References 1
Positive Technologies
added 2026/02/03 12:0 a.m., 2 views

PT-2026-5962

Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified). Description: A flaw exists in Moodle related to insufficient rate limiting within the confirmation email service. This allows attackers to more easily enumerate or guess user credentials, potentially...

CVSS 7.5, AI score 5.5, EPSS 0.00035
Exploits 0, References 7
CNNVD
added 2026/02/03 12:0 a.m., 4 views

Ziroom ZHOME A0101 Security Vulnerability

Ziroom ZHOME A0101 is a smart home hardware device developed by Ziroom Corporation. The version 1.0.1.0 of Ziroom ZHOME A0101 contains a security vulnerability. This vulnerability stems from the Dropbear SSH Service component using default credentials, which may lead to remote attacks...

CVSS 9.2, AI score 7.3, EPSS 0.00038
Exploits 0, References 6
OSV
added 2026/02/02 10:26 p.m., 4 views

CVE-2026-25060 OpenList Insecure TLS Default Configuration

OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disabled by default for all storage driver communications. The TlsInsecureSkipVerify setting defaults to true in the DefaultConfig function in internal/conf/config.go. This vulnerability enables...

CVSS 8.1, AI score 5.4, EPSS 0.00014
Exploits 0, References 5
Snyk
added 2026/02/02 8:12 p.m., 2 views

Missing Validation of OpenSSL Certificate

Overview: Affected versions of this package are vulnerable to Missing Validation of OpenSSL Certificate due to the default configuration of DefaultConfig where TLS certificate verification is disabled for outgoing storage driver communications. An attacker can intercept, decrypt, and manipulate al...

CVSS 9.2, AI score 5.5, EPSS 0.00014
Exploits 0, References 2
CNNVD
added 2026/02/02 12:0 a.m., 3 views

SourceCodester Medical Certificate Generator App Security Vulnerability

The SourceCodester Medical Certificate Generator App is an open-source medical certification generator developed by SourceCodester. Version 1.0 of the SourceCodester Medical Certificate Generator App contains a security vulnerability. This vulnerability stems from an unknown issue involving...

CVSS 5.3, AI score 5.7, EPSS 0.00016
Exploits 1, References 6
NVD
added 2026/02/01 1:15 p.m., 4 views

CVE-2021-47885

Multiple payment terminal versions contain non-persistent cross-site scripting vulnerabilities in billing and payment information input fields. Attackers can inject malicious script code through vulnerable parameters to manipulate client-side requests and potentially execute session hijacking or...

CVSS 6.4, EPSS 0.00018
Exploits 0, References 5
Cvelist
added 2026/02/01 12:15 p.m., 28 views

CVE-2022-50942 Icinga Web 2.8.2 Client-Side Cross-Site Scripting via EventListener

Icinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacki...

CVSS 5.4, EPSS 0.00079
Exploits 0, References 4
CVE
added 2026/02/01 12:15 p.m., 13 views

CVE-2022-50942

Icinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that enables attackers to inject scripts via the icinga.min.js file by exploiting EventListener.handleEvent. This can lead to session hijacking and non-persistent phishing attacks. The issue is described across multiple s...

CVSS 5.4, AI score 5.5, EPSS 0.00079
Exploits 0, References 4
EUVD
added 2026/02/01 12:15 p.m., 2 views

EUVD-2021-34760

Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...

CVSS 5.4, AI score 5.9, EPSS 0.00055
Exploits 0, References 4
ATTACKERKB
added 2026/02/01 12:15 p.m., 2 views

CVE-2021-47911

Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...

CVSS 5.4, AI score 5.9, EPSS 0.00055
Exploits 0, References 4, Affected Software 1
EUVD
added 2026/02/01 12:15 p.m., 2 views

EUVD-2021-34763

Multiple payment terminal versions contain non-persistent cross-site scripting vulnerabilities in billing and payment information input fields. Attackers can inject malicious script code through vulnerable parameters to manipulate client-side requests and potentially execute session hijacking or...

CVSS 6.4, AI score 5.9, EPSS 0.00018
Exploits 0, References 5
CNNVD
added 2026/02/01 12:0 a.m., 3 views

Icinga Web 2 Cross-Site Scripting Vulnerability

Icinga Web 2 is an open-source monitoring and measurement solution developed by Icinga. Version 2.8.2 of Icinga Web 2 contains a cross-site scripting vulnerability. This vulnerability stems from the icinga.min.js file, which has a client-side cross-site scripting vulnerability. It may lead to...

CVSS 5.4, AI score 5.6, EPSS 0.00079
Exploits 0, References 4
Positive Technologies
added 2026/02/01 12:0 a.m., 4 views

PT-2026-5556

Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...

CVSS 5.4, AI score 5.9, EPSS 0.00055
Exploits 0, References 5
Positive Technologies
added 2026/02/01 12:0 a.m., 2 views

PT-2026-5568

BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking,...

CVSS 6.4, AI score 6.2, EPSS 0.00136
Exploits 0, References 4
Positive Technologies
added 2026/02/01 12:0 a.m., 4 views

PT-2026-5567

Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially...

CVSS 6.4, AI score 6.1, EPSS 0.00136
Exploits 0, References 4