CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 2026/04/03 11:27 p.m.•2 views

SUSE CVE-2026-23451

In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infinite loop in bondheaderparse bondheaderparse can loop if a stack of two bonding devices is setup, because skb-dev always points to the hierarchy top. Add new "const struct netdevice dev" parameter t...

7.5CVSS5.7AI score0.00446EPSS

Exploits0References3

EUVD•added 2026/04/03 6:31 p.m.•2 views

EUVD-2026-18702

5.7AI score0.00446EPSS

Cvelist•added 2026/03/06 7:56 a.m.•24 views

CVE-2026-2331 CVE-2026-2331

An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access witho...

9.8CVSS0.00886EPSS

Vulnrichment•added 2026/03/06 7:56 a.m.•5 views

CVE-2026-2331 CVE-2026-2331

9.8CVSS6AI score0.00886EPSS

CVE•added 2026/03/06 7:56 a.m.•19 views

CVE-2026-2331

CVE-2026-2331 describes unauthenticated read/write access to sensitive filesystem areas via AppEngine Fileaccess over HTTP caused by improper access restrictions. A critical filesystem directory was exposed through the HTTP-based file access feature, allowing access without authentication. Impact...

9.8CVSS6AI score0.00886EPSS

Positive Technologies•added 2026/03/06 12:0 a.m.•6 views

PT-2026-23660

Name of the Vulnerable Software and Affected Versions AppEngine affected versions not specified Description An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical...

9.8CVSS6AI score0.00886EPSS

Exploits0References15

OSV•added 2026/02/19 1:16 p.m.•3 views

CVE-2019-25416

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through the device parameter. Attackers can send POST requests to the QoS devices management endpoint with script payloads in the device...

5.1CVSS5.9AI score0.00344EPSS

NVD•added 2026/02/19 1:16 p.m.•4 views

CVE-2019-25416

6.1CVSS0.00344EPSS

Vulnrichment•added 2026/02/19 12:2 p.m.•4 views

CVE-2019-25416 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via device Parameter

CVE•added 2026/02/19 12:2 p.m.•12 views

CVE-2019-25416

CVE-2019-25416 affects Comodo Dome Firewall 2.7.0, where a reflected cross-site scripting vulnerability exists in the device parameter. The issue arises when an attacker submits crafted input to the QoS devices management endpoint via POST requests, enabling execution of arbitrary JavaScript in u...

Exploits1References4Affected Software1

Cvelist•added 2026/02/19 12:2 p.m.•26 views

CVE-2019-25416 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via device Parameter

6.1CVSS0.00344EPSS

ATTACKERKB•added 2026/02/19 12:2 p.m.•8 views

CVE-2019-25416

Exploits1References4Affected Software1

Positive Technologies•added 2026/02/19 12:0 a.m.•5 views

PT-2026-20819

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2012-6596

Malware in sbrugna...

9.4CVSS6.4AI score0.02476EPSS

RedhatCVE•added 2025/08/13 3:28 p.m.•8 views

CVE-2012-10040

Openfiler v2.x contains a command injection vulnerability in the system.html page. The device parameter is used to instantiate a NetworkCard object, whose constructor in network.inc calls exec with unsanitized input. An authenticated attacker can exploit this to execute arbitrary commands as the...

9.4CVSS8.5AI score0.02476EPSS

Exploits0References1

NVD•added 2025/08/11 3:15 p.m.•4 views

CVE-2012-10040

9.4CVSS0.02476EPSS

Vulnrichment•added 2025/08/11 2:56 p.m.•2 views

CVE-2012-10040 Openfiler v2.x NetworkCard Command Execution

9.4CVSS8.4AI score0.02476EPSS