CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

RedhatCVE•added 2026/02/28 1:55 a.m.•3 views

CVE-2026-21389

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the request body sent to the contacts import route...

8.8CVSS6.6AI score0.00282EPSS

Exploits0References1

EUVD•added 2026/02/27 3:30 a.m.•5 views

EUVD-2026-8946

8.8CVSS6.3AI score0.00282EPSS

Exploits0References4

OSV•added 2026/02/27 1:16 a.m.•0 views

CVE-2026-21389

8.8CVSS6.5AI score0.00282EPSS

Exploits0References3

NVD•added 2026/02/27 1:16 a.m.•2 views

CVE-2026-21389

8.8CVSS0.00282EPSS

Exploits0References3

ATTACKERKB•added 2026/02/27 12:38 a.m.•3 views

CVE-2026-21389

8.8CVSS6.4AI score0.00282EPSS

Exploits0References4

CVE•added 2026/02/27 12:38 a.m.•12 views

CVE-2026-21389

CVE-2026-21389 is an OS command injection affecting XWEB Pro

8.8CVSS6.3AI score0.00282EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/02/27 12:38 a.m.•6 views

CVE-2026-21389 Copeland XWEB and XWEB Pro OS Command Injection

8CVSS6.6AI score0.00282EPSS

Exploits0References3

Cvelist•added 2026/02/27 12:38 a.m.•18 views

CVE-2026-21389 Copeland XWEB and XWEB Pro OS Command Injection

8CVSS0.00282EPSS

Exploits0References3

Prion•added 2023/09/11 9:15 p.m.•18 views

Information disclosure

In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

1.7CVSS5.2AI score0.00023EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by