CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

CVE-2026-8054

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...

10CVSS5.9AI score0.00458EPSS

Exploits1References1

NVD•added 2026/05/27 9:16 a.m.•9 views

CVE-2026-8054

10CVSS0.00458EPSS

Exploits1References2

EUVD•added 2026/05/27 7:55 a.m.•6 views

EUVD-2026-32131

10CVSS6.1AI score0.00458EPSS

Exploits1References2

ATTACKERKB•added 2026/05/27 7:55 a.m.•4 views

CVE-2026-8054

10CVSS6.1AI score0.00458EPSS

Exploits1References3Affected Software1

Snyk•added 2025/08/09 2:41 a.m.•7 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the audit subsystem when manipulating log prefixes. An attacker can execute unauthorized code and gain network access by bypassing intended restrictions on privileged API operators. Note: This is exploitable...

9.4CVSS7.8AI score0.00648EPSS

Exploits0References2

OSV•added 2025/08/09 1:56 a.m.•8 views

CVE-2025-54997 OpenBao: Privileged Operator May Execute Code on the Underlying Host

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing system code or making network connections...

9.1CVSS7.1AI score0.00648EPSS

Exploits0References6

Vulnrichment•added 2025/08/09 1:56 a.m.•2 views

CVE-2025-54997 OpenBao: Privileged Operator May Execute Code on the Underlying Host

9.1CVSS7.4AI score0.00648EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by