Lucene search

14 matches found

ATTACKERKB
added 2026/05/13 7:28 p.m. · 3 views

CVE-2026-28374

Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations...

CVSS 4.3 · AI score 5.8 · EPSS 0.00198
Exploits 0 · References 2 · Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2015-1454

Malware in sbrugna...

CVSS 6.5 · AI score 6.5 · EPSS 0.00517
Exploits 1 · References 3

RedhatCVE
added 2025/05/22 3:31 a.m. · 6 views

CVE-2012-3022

The SaveToFile method in a certain ActiveX control in TrendDisplay.dll in Canary Labs TrendLink 9.0.2.27051 and earlier does not properly restrict the creation of files, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted w...

CVSS 8.5 · AI score 7.2 · EPSS 0.0129
Exploits 0 · References 1

Positive Technologies
added 2025/04/25 12:0 a.m. · 4 views

PT-2025-17870 · Unknown · Sherpa Orchestrator

Name of the Vulnerable Software and Affected Versions: Sherpa Orchestrator version 141851 Description: A low-privileged user can elevate their privileges by creating new users and roles. Recommendations: For Sherpa Orchestrator version 141851, consider restricting the ability of low-privileged...

CVSS 6.4 · AI score 6.2 · EPSS 0.00231
Exploits 0 · References 9

CVE
added 2025/04/16 9:28 p.m. · 83 views

CVE-2025-31478

CVE-2025-31478 applies to Zulip, an open-source team chat tool. A bug in the Zulip server allowed account creation in organizations that rely on a single-sign-on (SSO) backend and have disabled EmailAuthBackend, effectively bypassing the configured SSO. The issue affects configurations where acce...

CVSS 8.2 · AI score 8.2 · EPSS 0.00309
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/12/30 12:0 a.m. · 3 views

PT-2024-17909 · Softiron · Softiron Hypercloud

Name of the Vulnerable Software and Affected Versions: SoftIron HyperCloud versions 2.3.0 through 2.4.x Description: An issue exists where authenticated, but non-admin users can create data pools, potentially impacting the performance and availability of the backend software-defined storage...

CVSS 4.8 · AI score 7.2 · EPSS 0.0041
Exploits 0 · References 6

RedHat Linux
added 2024/11/05 12:7 p.m. · 20 views

Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update

An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 9.8 · AI score 6.6 · EPSS 0.48081
Exploits 0 · References 1

RedHat Linux
added 2024/11/05 11:47 a.m. · 26 views

Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 Openshift Jenkins security update

An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7.4 · AI score 6.6 · EPSS 0.01936
Exploits 0 · References 1

Tenable Nessus
added 2024/10/04 12:0 a.m. · 17 views

FreeBSD : jenkins -- multiple vulnerabilities (3c6f8270-3210-4e2f-ba72-a9cdca7417a0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3c6f8270-3210-4e2f-ba72-a9cdca7417a0 advisory. Jenkins Security Advisory: Exposure of multi-line secrets through error messages in Jenkins It...

CVSS 4.3 · AI score 6.5 · EPSS 0.0084
Exploits 0 · References 4

RedhatCVE
added 2024/10/02 4:44 p.m. · 19 views

CVE-2024-47804

A flaw was found in Jenkins. When attempting to create an item prohibited by ACL#hasCreatePermission2 or TopLevelItemDescriptor#isApplicableInItemGroup through the Jenkins CLI or the REST API, if either of these checks fail, Jenkins creates the item in memory and only deletes it from disk. This may...

CVSS 5.3 · AI score 6.1 · EPSS 0.00684
Exploits 0 · References 4

Positive Technologies
added 2024/04/10 12:0 a.m. · 7 views

PT-2024-21369 · Enpass · Enpass Password Manager Desktop Client

Name of the Vulnerable Software and Affected Versions: Enpass Password Manager Desktop Client version 6.9.2 Description: The issue allows attackers to run arbitrary HTML code via the creation of a crafted note, potentially leading to HTML injection. This can occur in the Enpass Password Manager...

CVSS 8.8 · AI score 7.7 · EPSS 0.00573
Exploits 0 · References 5

Positive Technologies
added 2021/02/03 12:0 a.m. · 2 views

PT-2021-12850 · Squaredup · Squaredup

Name of the Vulnerable Software and Affected Versions: SquaredUp versions prior to 4.6.0 Description: The issue allows for Stored XSS attacks. A user can create a dashboard that executes malicious content in an iframe or by uploading an SVG that contains a script. Recommendations: For versions...

CVSS 5.4 · AI score 5.1 · EPSS 0.00873
Exploits 0 · References 7

Hacker One
added 2019/01/08 11:41 a.m. · 16 views

Nextcloud: WordPress vulnerable to multiple attacks at https://nextcloud.com

summary: your current version of WordPress is available to multiple attacks check INFO.php available attacks: - Unauthenticated Arbitrary File Deletion - lib/IPTraf.php User-Agent Header Stored XSS - Password Creation Restriction Bypass - wp-admin/admin.php whois Parameter Stored XSS - XSS & IAA ...

AI score 1.5
Exploits 0

Exploit DB
added 2006/08/10 12:0 a.m. · 31 views

SaveWebPortal 3.4 - 'page' Remote File Inclusion

-------------------------------------------- SaveWebPortal -------------------------------------------- to inject successfully you have to create a file called shell.html.txt or shell.php.txt otherwise it won't work! -------------------------------------------- Affected File: index.php =...

AI score 7
Exploits 0