CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2117 matches found

RedhatCVE•added 2025/05/23 2:14 a.m.•7 views

CVE-2023-49075

The Admin Classic Bundle provides a Backend UI for Pimcore. AdminBundle\Security\PimcoreUserTwoFactorCondition introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor...

8.4CVSS6.9AI score0.00013EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 1:58 a.m.•7 views

CVE-2023-47636

The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure FPD vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the loadfile within a SQL Injection query to view the page...

5.3CVSS7.4AI score0.00005EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 1:45 a.m.•2 views

CVE-2023-41649

Missing Authorization vulnerability in Ovic Team Ovic Product Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ovic Product Bundle: from n/a through 1.1.2...

6.5CVSS8.5AI score0.00164EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 12:28 a.m.•12 views

CVE-2022-48289

The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality...

7.5CVSS7.2AI score0.00118EPSS

Exploits0

RedhatCVE•added 2025/05/23 12:28 a.m.•12 views

CVE-2022-48288

The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality...

7.5CVSS7.2AI score0.00118EPSS

Exploits0

RedhatCVE•added 2025/05/23 12:21 a.m.•14 views

CVE-2022-48301

The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled...

7.5CVSS7AI score0.00082EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 12:17 a.m.•8 views

CVE-2022-45383

An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission...

6.5CVSS6.3AI score0.00872EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 12:4 a.m.•6 views

CVE-2022-25187

Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle...

6.5CVSS6.3AI score0.00101EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:20 p.m.•4 views

CVE-2022-39008

The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps...

9.1CVSS9.2AI score0.00345EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 9:45 p.m.•5 views

CVE-2022-47937

Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. Consumers are encouraged to conside...

9.8CVSS6.7AI score0.00958EPSS

Exploits0

RedhatCVE•added 2025/05/22 9:17 p.m.•6 views

CVE-2021-32770

Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js a...

7.5CVSS7.1AI score0.00238EPSS

Exploits1References1

Circl•added 2025/05/16 7:34 a.m.•2 views

CVE-2024-49925

creationtimestamp| type| source ---|---|--- 2025-05-16 07:34:14+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/16657 2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...

5.5CVSS6.6AI score0.00007EPSS

Exploits0References2

Circl•added 2025/05/15 12:34 p.m.•4 views

CVE-2022-48796

creationtimestamp| type| source ---|---|--- 2025-05-15 12:34:21+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/16475 2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...

7.8CVSS6.3AI score0.00019EPSS

Exploits0References2

Circl•added 2025/05/13 8:52 a.m.•1 views

CVE-2025-22459

creationtimestamp| type| source ---|---|--- 2025-05-13 08:52:05+00:00| seen| https://vulnerability.circl.lu/bundle/ff9b5232-52f8-4705-aa8d-8c011a8c756b...

4.8CVSS5.8AI score0.00288EPSS

Exploits0References1

Circl•added 2025/05/12 6:22 a.m.•2 views

CVE-2024-29205

creationtimestamp| type| source ---|---|--- 2025-05-12 06:22:54+00:00| seen| https://vulnerability.circl.lu/bundle/06b268ae-939c-4fb6-91b5-28d20ef6f609...

7.5CVSS5.8AI score0.02709EPSS

Exploits0References1

RedhatCVE•added 2025/05/10 12:20 a.m.•13 views

CVE-2025-26847

An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked...

9.1CVSS6.9AI score0.00385EPSS

Exploits0References1

Circl•added 2025/05/09 8:25 a.m.•6 views

CVE-2024-26739

creationtimestamp| type| source ---|---|--- 2025-05-09 08:25:28+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/15708 2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...

7.8CVSS6.6AI score0.00011EPSS

Exploits0References2