CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

39 matches found

EUVD-2026-38241

The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin's resource sandbox and access administrative Loki endpoints e.g. /config, /services, /ready to extract sensitive backend configuration and internal...

7.7CVSS5.9AI score0.00394EPSS

Exploits0References1

AlpineLinux•added 5 days ago•5 views

CVE-2026-42129

7.7CVSS5.9AI score0.00394EPSS

Exploits0

Tenable Nessus•added 2026/06/06 12:0 a.m.•8 views

FreeBSD : PowerDNS -- Multiple vulnerabilities (0823ac26-6040-11f1-ba4a-50ebf6bdf8e9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 0823ac26-6040-11f1-ba4a-50ebf6bdf8e9 advisory. PowerDNS Team reports: 2025-07: Internal logic flaw in cache management can lead to a denial o...

8.6CVSS5.7AI score0.00365EPSS

Exploits0References7

Veracode•added 2026/05/16 5:33 a.m.•12 views

Secret Key Exposure

Pyroscope is vulnerable to Secret Key Exposure. The vulnerability is due to improper exposure of Tencent COS storage backend configuration values through the Pyroscope API, allowing attackers with API access to retrieve the secretkey used for cloud storage authentication...

9.1CVSS5.8AI score0.00337EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/03/26 3:4 p.m.•6 views

CVE-2025-62319

Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions TRUE or FALSE into application input fields. Instead of returning database errors or visible data, the application responds differently depending on whether the...

9.8CVSS6AI score0.00281EPSS

Exploits0References1

EUVD•added 2026/03/16 6:32 p.m.•2 views

EUVD-2025-208747

9.8CVSS6AI score0.00281EPSS

Exploits0References2

Vulnrichment•added 2026/03/16 3:30 p.m.•5 views

CVE-2025-62319 Boolean-Based SQL Injection in Multiple Unica Components

9.8CVSS6AI score0.00281EPSS

Exploits0References1

Veracode•added 2026/01/20 12:37 p.m.•6 views

Cross-site Scripting (XSS)

october/system is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization in backend configuration stylesheet fields, which allows an attacker with backend customization privileges to inject malicious HTML or JavaScript and execute arbitrary scripts across...

6.1CVSS5.8AI score0.00183EPSS

Exploits0References2Affected Software2

RedhatCVE•added 2026/01/13 10:53 p.m.•4 views

CVE-2025-61674

October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerability was identified in October CMS backend configuration forms. A user with the Global Editor Settings permission could inject malicious HTML/JS into the styleshee...

6.1CVSS5.7AI score0.00183EPSS

Exploits0References1

Positive Technologies•added 2026/01/10 12:0 a.m.•5 views

PT-2026-1832

Name of the Vulnerable Software and Affected Versions October versions prior to 3.7.13 October versions prior to 4.0.12 Description October is a Content Management System CMS and web platform. A cross-site scripting XSS issue exists in October CMS backend configuration forms. A user possessing th...

6.1CVSS5.8AI score0.00183EPSS

Exploits0References4

RedhatCVE•added 2026/01/07 9:33 a.m.•6 views

CVE-2019-16925

Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change th...

6.1CVSS5.8AI score0.00818EPSS

Exploits1References1

EUVD•added 2025/12/16 12:30 a.m.•3 views

EUVD-2025-203471

A vulnerability was identified in CTCMS Content Management System up to 2.1.2. The affected element is the function Save of the file /ctcms/libs/CtApp.php of the component Backend App Configuration Module. The manipulation of the argument CTAppPaytype leads to code injection. Remote exploitation ...

5.8CVSS6.5AI score0.00386EPSS

Exploits1References5

NVD•added 2025/12/15 11:15 p.m.•7 views

CVE-2025-14729

7.2CVSS0.00386EPSS

Exploits1References4

NVD•added 2025/12/15 11:15 p.m.•9 views

CVE-2025-14730

A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/CtConfig.php of the component Backend System Configuration Module. The manipulation of the argument CjAdd/CjEdit results in code injection. Th...

7.2CVSS0.00386EPSS

Exploits1References4

OSV•added 2025/12/15 11:15 p.m.•4 views

CVE-2025-14730

7.2CVSS5.6AI score0.00386EPSS

Exploits1References4

OSV•added 2025/12/15 11:15 p.m.•7 views

CVE-2025-14729

7.2CVSS5.5AI score0.00386EPSS

Exploits1References4

Vulnrichment•added 2025/12/15 11:2 p.m.•2 views

CVE-2025-14730 CTCMS Content Management System Backend System Configuration Ct_Config.php code injection

5.8CVSS6.7AI score0.00386EPSS

Exploits1References4

CVE•added 2025/12/15 11:2 p.m.•8 views

CVE-2025-14730

CVE-2025-14730 affects CTCMS Content Management System up to version 2.1.2, focusing on an unknown function in /ctcms/libs/Ct_Config.php. Manipulation of the Cj_Add/Cj_Edit argument leads to code injection, enabling remote execution. The issue is associated with the Backend System Configuration M...

7.2CVSS6.7AI score0.00386EPSS

Exploits1References4Affected Software1