CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

371 matches found

ATTACKERKB•added 2026/01/29 9:2 p.m.•5 views

CVE-2026-24845

malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses...

6.5CVSS5.9AI score0.00336EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2026/01/19 2:19 a.m.•4 views

CVE-2026-1050

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...

7.5CVSS6.9AI score0.00364EPSS

Exploits0References1

Snyk•added 2026/01/17 6:30 p.m.•1 views

Injection

Overview Affected versions of this package are vulnerable to Injection via the REST Authenticate Endpoint in the Y9PlatformUtil.java file. An attacker can access, modify, or disrupt sensitive data by sending specially crafted requests to the affected endpoint. Remediation There is no fixed versio...

7.5CVSS5.6AI score0.00364EPSS

Exploits0References2

Github Security Blog•added 2026/01/17 6:30 p.m.•5 views

risesoft-y9 Digital-Infrastructure has a SQL injection vulnerability

7.5CVSS5.3AI score0.00364EPSS

Exploits0References6Affected Software1

NVD•added 2026/01/17 6:15 p.m.•3 views

CVE-2026-1050

7.5CVSS0.00364EPSS

Exploits0References6

EUVD•added 2026/01/17 6:2 p.m.•3 views

EUVD-2026-3133

7.5CVSS6.3AI score0.00364EPSS

Exploits0References6

CVE•added 2026/01/17 6:2 p.m.•8 views

CVE-2026-1050

CVE-2026-1050 concerns risesoft-y9 Digital-Infrastructure up to 9.6.7. The vulnerability is in the REST Authenticate Endpoint, specifically in Y9PlatformUtil.java, where an attacker can trigger SQL injection via remotely crafted requests. Multiple sources (NVD, Red Hat, circl, OSV, GHSA, Snyk) co...

7.5CVSS6.5AI score0.00364EPSS

Exploits0References6

Positive Technologies•added 2026/01/17 12:0 a.m.•4 views

PT-2026-3366

Name of the Vulnerable Software and Affected Versions risesoft-y9 Digital-Infrastructure versions up to 9.6.7 Description A flaw exists in risesoft-y9 Digital-Infrastructure up to version 9.6.7. The issue affects an unknown function within the file...

7.5CVSS7AI score0.00364EPSS

Exploits0References13

Tenable Nessus•added 2026/01/16 12:0 a.m.•4 views

MiracleLinux 4 : libssh2-1.4.2-3.AXS4.1 (AXSA:2019-3922:01)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3922:01 advisory. libssh2: Integer overflow in transport read resulting in out of bounds write CVE-2019-3855 libssh2: Integer overflow in keyboard interactive handlin...

9.3CVSS7.2AI score0.09219EPSS

Exploits0References5

RedhatCVE•added 2026/01/09 10:10 a.m.•5 views

CVE-2019-11143

Improper permissions in the software installer for IntelR Authenticate before 3.8 may allow an authenticated user to potentially enable escalation of privilege via local access...

6.7CVSS7.2AI score0.00354EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:11 a.m.•13 views

CVE-2025-1912

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the validatefile Function. This makes it possible for authenticated attackers, with Administrator-level...

7.6CVSS6.8AI score0.00329EPSS

Exploits0References1

CVE•added 2025/12/28 12:2 p.m.•12 views

CVE-2025-15135

CVE-2025-15135 affects the project joey-zhou xiaozhi-esp32-server-java (up to 3.0.0). The vulnerability is in the Cookie Handler component, specifically the function tryAuthenticateWithCookies() inside AuthenticationInterceptor.java. Manipulation of this function can lead to improper authenticati...

6.5CVSS6.5AI score0.00289EPSS

Exploits0References7

Hacker One•added 2025/12/20 11:55 a.m.•13 views

curl: Functional Regression in Digest Authentication: Failure to handle optional spaces and escaped quotes

Summary A recent migration of the Digest authentication parsing logic to the curlxstr strparse API introduced two functional parsing regressions in lib/vauth/digest.c. 1. Optional Whitespace OWS Handling The current implementation fails to skip optional whitespace after comma delimiters in...

7.2AI score

Exploits0

EUVD•added 2025/11/13 3:23 a.m.•3 views

EUVD-2025-180520

Malicious code in abstract-mu-kappa-authenticate-decode npm...

6.6AI score

Exploits0

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•6 views

Malicious code in minify-mu-catch-authenticate-user (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac3b2212cf649bbcec1267832b53976a224b9a0387e17e082b8641dda41bc920 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score

Exploits0

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-176237

Malicious code in stack-authenticate-boolean-compile-kappa npm...

6.6AI score

Exploits0

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-176085

Malicious code in table-authorize-authenticate-assert-pi npm...

6.6AI score

Exploits0