CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

28 matches found

RedhatCVE•added 2026/06/05 7:14 p.m.•10 views

CVE-2026-40845

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devicesconfiguration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.8AI score0.00262EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 7:58 a.m.•8 views

CVE-2026-40845 Authenticated SQLi in devices_configuration view

7.1CVSS5.9AI score0.00262EPSS

Exploits0References1

EUVD•added 2026/05/27 7:58 a.m.•14 views

EUVD-2026-32144

7.1CVSS5.9AI score0.00262EPSS

Exploits0References1

Cvelist•added 2026/05/27 7:58 a.m.•29 views

CVE-2026-40845 Authenticated SQLi in devices_configuration view

7.1CVSS0.00262EPSS

Exploits0References1

CVE•added 2026/05/27 7:58 a.m.•13 views

CVE-2026-40845

Technical details are not publicly available in the provided documents. Monitor for updates from official advisories to obtain affected products, vulnerable components, impact, and remediation.

7.1CVSS5.9AI score0.00262EPSS

Exploits0References1

Positive Technologies•added 2026/05/27 12:0 a.m.•8 views

PT-2026-43611

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devices configuration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.9AI score0.00262EPSS

Exploits0References2

EUVD•added 2026/03/16 3:30 p.m.•6 views

EUVD-2026-12214

A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmcsync.php of the component HTTP Request Handler. Executing a manipulation of the argument templatepath can lead to os command injection. The...

10CVSS7.1AI score0.0207EPSS

Exploits0References5

ATTACKERKB•added 2026/02/05 11:38 a.m.•3 views

CVE-2026-1966

YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...

2.4CVSS5.4AI score0.00163EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/02/05 11:38 a.m.•5 views

CVE-2026-1966 YugabyteDB Anywhere Exposes LDAP Credentials in Cleartext in Web UI

2.4CVSS5.4AI score0.00163EPSS

Exploits0References1

EUVD•added 2026/02/05 11:38 a.m.•6 views

EUVD-2026-5553

2.4CVSS5.4AI score0.00163EPSS

Exploits0References1

RedhatCVE•added 2025/10/10 4:20 p.m.•4 views

CVE-2025-59996

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Configuration View page that, when visited by another user, enables the attacker to execute commands with the target'...

6.1CVSS6.9AI score0.00202EPSS

Exploits0References1

EUVD•added 2025/10/09 6:30 p.m.•4 views

EUVD-2025-33370

6.1CVSS6.5AI score0.00202EPSS

Exploits0References2

OSV•added 2025/10/09 5:16 p.m.•2 views

CVE-2025-59996

5.1CVSS6AI score0.00202EPSS

Exploits0References1

NVD•added 2025/10/09 5:16 p.m.•9 views

CVE-2025-59996

6.1CVSS0.00202EPSS

Exploits0References1

CVE•added 2025/10/09 4:14 p.m.•10 views

CVE-2025-59996

The CVE-2025-59996 issue affects Juniper Networks Junos Space versions prior to 24.1R4, where an Improper Neutralization of Input During Web Page Generation enables cross-site scripting in the Configuration View page. Exploitation would allow an attacker to inject script tags that, when a second ...

6.1CVSS6.5AI score0.00202EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/10/09 4:14 p.m.•4 views

CVE-2025-59996 Junos Space: Configuration View page is vulnerable to reflected cross-site script injection

6.1CVSS6.5AI score0.00202EPSS

Exploits0References1

Cvelist•added 2025/10/09 4:14 p.m.•9 views

CVE-2025-59996 Junos Space: Configuration View page is vulnerable to reflected cross-site script injection

6.1CVSS0.00202EPSS

Exploits0References1

Positive Technologies•added 2025/10/09 12:0 a.m.•5 views

PT-2025-41432

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos Space versions prior to 24.1R4 Description An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' issue exists in Juniper Networks Junos Space. This allows an attacker to inject script tags...

6.1CVSS6.9AI score0.00202EPSS

Exploits0References4

BDU FSTEC•added 2024/10/29 12:0 a.m.•4 views

The vulnerability in the web interface for managing microprogramming software in Cisco Analog Telephone Adapter (ATA) Series 190 devices allows a perpetrator to view or delete configurations or modify firmware.

The vulnerability of the web interface for managing microprogramming software in Cisco Analog Telephone Adapter ATA devices of the 190 series is related to the lack of authentication. Exploiting this vulnerability allows a malicious actor to view or delete configurations, or modify firmware using...

8.5CVSS5.5AI score0.00713EPSS

Exploits0References3Affected Software3

CNNVD•added 2024/05/03 12:0 a.m.•3 views

Wings 安全漏洞

Wings is the server control interface for Pterodactyl Panel. A security vulnerability exists in Wings versions prior to 1.11.12, which stems from a Wings token that can be accidentally disclosed by viewing the node configuration, allowing an attacker to use it to gain write and read access to...

8.4CVSS8.2AI score0.00544EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by