CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

82 matches found

Vulnrichment•added 2026/05/14 11:22 a.m.•7 views

CVE-2026-45205 Apache Commons Configuration: StackOverflowError for YAML input with cycles

Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...

5.8AI score0.00507EPSS

Exploits0References2

Snyk•added 2026/04/16 10:45 p.m.•5 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...

6CVSS6AI score

Exploits0References2

PyPA•added 2026/04/06 6:16 p.m.•8 views

PYSEC-2026-72

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDROLOGGINGCONFIG environment variable and loads it without validation. The logging configuration schema supports the special key, which enables arbitrary...

9.8CVSS6.6AI score0.00714EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/03/23 6:2 p.m.•3 views

CVE-2025-15605

A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the...

8.5CVSS5.8AI score0.00133EPSS

Exploits0References6

Cvelist•added 2026/03/19 12:0 a.m.•21 views

CVE-2025-67112

Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulatio...

0.00401EPSS

Exploits0References3

PyPA•added 2026/02/16 11:15 a.m.•5 views

PYSEC-2026-110

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: It was possible to exfiltrate information...

9CVSS5.8AI score0.00243EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/01/07 9:41 a.m.•3 views

CVE-1999-0678

A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server...

5CVSS6.9AI score0.31408EPSS

Exploits0References1