CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5151 matches found

SolarWinds Security Event Manager - Unauthenticated RCE

The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution. id: CVE-2024-0692 info: name: SolarWinds Security Event Manager - Unauthenticated RCE...

8.8CVSS8.2AI score0.78297EPSS

Exploits1References1

Nuclei•added yesterday•28 views

Uniview NVR301-04S2-P4 - Cross-Site Scripting

Uniview NVR301-04S2-P4 contains a reflected cross-site scripting vulnerability via the PATH of LAPI. CISA and Uniview state that this vulnerability needs to be authenticated. This is incorrect. Any PATH payload can cause XSS. A submission to Mitre has been sent to update the verbiage in the findi...

5.4CVSS5.5AI score0.11904EPSS

Exploits0References2

Nuclei•added 2026/05/29 3:59 a.m.•72 views

EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution

EyesOfNetwork 5.1 to 5.3 contains SQL injection and remote code execution vulnerabilities. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. See also CVE-2020-8655,...

9.8CVSS7.8AI score0.91906EPSS

Exploits13References5

ICS•added 2026/05/28 6:0 a.m.•5 views

XCharge C6

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to gain administrator rights or execute code on the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities...

6.3AI score

Exploits0References13

Circl•added 2026/05/26 5:0 a.m.•5 views

CVE-2019-5460

creationtimestamp| type| source ---|---|--- 2026-05-26 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-146-05...

5.5CVSS6.8AI score0.00914EPSS

Exploits1References1

Circl•added 2026/05/26 5:0 a.m.•5 views

CVE-2019-5459

creationtimestamp| type| source ---|---|--- 2026-05-26 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-146-05...

7.1CVSS7.1AI score0.01185EPSS

Exploits1References1

Circl•added 2026/05/26 5:0 a.m.•7 views

CVE-2023-46814

creationtimestamp| type| source ---|---|--- 2026-05-26 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-146-05...

7.8CVSS7.1AI score0.00107EPSS

Exploits0References1

Circl•added 2026/05/21 5:0 a.m.•4 views

CVE-2015-3416

creationtimestamp| type| source ---|---|--- 2026-05-21 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-141-03...

7.5CVSS6.8AI score0.07717EPSS

Exploits0References1

Circl•added 2026/05/21 5:0 a.m.•3 views

CVE-2015-6607

creationtimestamp| type| source ---|---|--- 2026-05-21 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-141-03...

6.8CVSS6.9AI score0.00396EPSS

Exploits0References1

Circl•added 2026/05/21 5:0 a.m.•4 views

CVE-2016-6153

creationtimestamp| type| source ---|---|--- 2026-05-21 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-141-03...

5.9CVSS6.5AI score0.00092EPSS

Exploits0References1

Positive Technologies•added 2026/05/20 12:0 a.m.•9 views

PT-2026-42147

Summary The fix for GHSA-8hg8-63c5-gwmx CVE-2023-37903 introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality options.require === false, which is trivially bypassed by omitting the require option entirely. When...

10CVSS7.7AI score0.36936EPSS

Exploits1References8

Positive Technologies•added 2026/05/20 12:0 a.m.•7 views

PT-2026-42146

Summary vm2 3.11.2 Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol key check, sandbox code can obtain real cross-realm symbols, write them...

8.7CVSS5.9AI score

Exploits0References6

Circl•added 2026/05/19 5:0 a.m.•5 views

CVE-2026-8603

creationtimestamp| type| source ---|---|--- 2026-05-19 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-03 2026-05-19 20:16:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mma7gqdcuo2c...

9.8CVSS5.8AI score0.00345EPSS

Exploits0References2

IBM Security Bulletins•added 2026/05/18 8:53 p.m.•12 views

Security Bulletin: glibc vulnerability

Summary Prior versions of Classic Remote Capture may include this vulnerability. Vulnerability Details CVEID:CVE-2025-15281 DESCRIPTION: Calling wordexp with WRDEREUSE in conjunction with WRDEAPPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized...

7.5CVSS6.9AI score0.0009EPSS

Exploits0Affected Software1

Krebs on Security•added 2026/05/18 8:48 p.m.•10 views

CISA Admin Leaked AWS GovCloud Keys on Github

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency CISA maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive...

5.8AI score

Exploits0

Circl•added 2026/05/14 10:0 a.m.•3 views

CVE-2025-38708

creationtimestamp| type| source ---|---|--- 2026-05-14 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-10...

7.8CVSS7.2AI score0.00025EPSS

Exploits0References1

Circl•added 2026/05/14 10:0 a.m.•2 views

CVE-2025-39673

creationtimestamp| type| source ---|---|--- 2026-05-14 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-10...

4.7CVSS6.7AI score0.0002EPSS

Exploits0References1

Circl•added 2026/05/14 10:0 a.m.•3 views

CVE-2025-38698

creationtimestamp| type| source ---|---|--- 2026-05-14 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-10...

5.5CVSS6.7AI score0.00018EPSS

Exploits0References1

Circl•added 2026/05/14 10:0 a.m.•5 views

CVE-2025-39752

creationtimestamp| type| source ---|---|--- 2026-05-14 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-10...

5.5CVSS7.3AI score0.00021EPSS

Exploits0References1

Information Security Automation•added 2026/05/14 10:0 a.m.•8 views

About Remote Code Execution - Apache ActiveMQ (CVE-2026-34197) vulnerability

About Remote Code Execution - Apache ActiveMQ CVE-2026-34197 vulnerability. Apache ActiveMQ is a popular open-source message broker written in Java. Its main purpose is to send messages between different services, systems, and microservices without a direct connection between them. This...

8.8CVSS6.8AI score0.83461EPSS

Exploits11

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by