CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

619 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•8 views

Astra Linux - уязвимость в apache2

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some uses of the legacy content-type-based configuration of handlers. Configurations like “AddType” and similar ones, under certain circumstances where files are requested indirectly, can lead to exposure of local...

5.3CVSS6.7AI score0.25097EPSS

Exploits3References2

NVD•added 2026/05/14 6:16 p.m.•5 views

CVE-2026-6332

CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it...

7.5CVSS0.00012EPSS

Exploits0References1

CVE•added 2026/05/14 4:54 p.m.•7 views

CVE-2026-6332

CVE-2026-6332 describes a plaintext storage of sensitive information vulnerability in Schneider Electric’s EcoStruxure Machine Expert HVAC platform. The issue centers on how sensitive data (potentially including protected source code) is stored, which could lead to confidentiality loss if an auth...

7.5CVSS5.8AI score0.00012EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/05/12 12:41 p.m.•9 views

CVE-2026-6402

A flaw was found in webpack-dev-server. When the development server operates over plain HTTP, a remote attacker can exploit a cross-origin source code exposure vulnerability. This allows a malicious website, visited by a developer, to load the bundled application source code as a script and read ...

6.5CVSS5.8AI score0.00032EPSS

Exploits0References5

Positive Technologies•added 2026/03/16 12:0 a.m.•4 views

PT-2026-25834

Name of the Vulnerable Software and Affected Versions ChargePoint Home Flex affected versions not specified Description The ChargePoint Home Flex software contains an information disclosure issue. Sensitive information was included in the source code. The issue was discovered by Sina Kheirkhah of...

7.5CVSS7.1AI score0.00766EPSS

Exploits0References5

OSV•added 2026/02/25 10:58 p.m.•3 views

CVE-2026-27613 CGI Parameter Injection (Bypass of STRICT_CGI_PARAMS and EscapeShellParam)

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable in use, the impact i...

10CVSS6.5AI score0.00156EPSS

Exploits0References6

ATTACKERKB•added 2026/02/25 10:58 p.m.•3 views

CVE-2026-27613

10CVSS6.4AI score0.00156EPSS

Exploits0References5Affected Software1

CVE•added 2026/02/25 10:58 p.m.•7 views

CVE-2026-27613

CVE-2026-27613 affects TinyWeb (Delphi, Win32) versions prior to 2.01. An unauthenticated remote attacker can bypass CGI parameter security controls, with impact depending on configuration and CGI executable: possible source code disclosure or remote code execution. The issue is fixed in version ...

10CVSS6.4AI score0.00156EPSS

Exploits0References4Affected Software1

EUVD•added 2026/02/25 10:58 p.m.•3 views

EUVD-2026-8763

10CVSS6.4AI score0.00156EPSS

Exploits0References4

Cvelist•added 2026/02/25 10:58 p.m.•22 views

CVE-2026-27613 CGI Parameter Injection (Bypass of STRICT_CGI_PARAMS and EscapeShellParam)

10CVSS0.00156EPSS

Exploits0References4

CVE•added 2026/02/11 2:13 p.m.•9 views

CVE-2026-2250

METIS WIC devices expose /dbviewer/ without authentication, allowing remote access to an internal telemetry SQLite database containing sensitive operational data. The issue is compounded by debug mode being enabled, which returns verbose Django tracebacks that disclose backend source code, local ...

7.5CVSS5.6AI score0.00119EPSS

Exploits0References2

Vulnrichment•added 2026/02/11 2:13 p.m.•3 views

CVE-2026-2250 Unauthenticated Data Export and Source Code Disclosure via /dbviewer/ in METIS WIC

The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests...

7.5CVSS5.6AI score0.00119EPSS

Exploits0References1