7279 matches found

OSV
added 2026/03/26 9:47 p.m. | 3 views

CVE-2026-33687 Sharp has Unrestricted File Upload via Client-Controlled Validation Rules

Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the ApiFormUploadController accepts a...

CVSS 8.8 | AI score 5.9 | EPSS 0.00507
Exploits: 0 | References: 6

EUVD
added 2026/03/26 3:30 p.m. | 2 views

EUVD-2018-21690

AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to Image'...

CVSS 6.9 | AI score 6 | EPSS 0.00183
Exploits: 1 | References: 4

RedhatCVE
added 2026/03/26 3:15 p.m. | 3 views

CVE-2026-4206

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function...

CVSS 9.8 | AI score 6.2 | EPSS 0.03233
Exploits: 1 | References: 1

RedhatCVE
added 2026/03/26 3:12 p.m. | 3 views

CVE-2026-25771

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service (DoS) vulnerability exists in the Wazuh API authentication middleware (middlewares.py). The application uses an asynchronous event...

CVSS 7.5 | AI score 5.9 | EPSS 0.00466
Exploits: 1 | References: 1

RedhatCVE
added 2026/03/26 3:2 p.m. | 3 views

CVE-2026-32606

IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the...

CVSS 7.6 | AI score 5.8 | EPSS 0.0014
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 3:1 p.m. | 2 views

CVE-2026-33483

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the aVideoEncoderChunk.json.php endpoint is a completely standalone PHP script with no authentication, no framework includes, and no resource limits. An unauthenticated remote attacker can send arbitrary POST data...

CVSS 7.5 | AI score 6 | EPSS 0.00605
Exploits: 1 | References: 1

RedhatCVE
added 2026/03/26 3:0 p.m. | 2 views

CVE-2026-33054

Mesop is a Python-based UI framework that allows users to build web applications. Versions 1.2.2 and below contain a Path Traversal vulnerability that allows any user supplying an untrusted statetoken through the UI stream payload to arbitrarily target files on the disk under the standard...

CVSS 10 | AI score 5.9 | EPSS 0.00713
Exploits: 1 | References: 1

NVD
added 2026/03/26 2:16 p.m. | 3 views

CVE-2018-25216

AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to Image'...

CVSS 6.9 | EPSS 0.00183
Exploits: 1 | References: 3

Cvelist
added 2026/03/26 1:24 p.m. | 19 views

CVE-2018-25216 AnyBurn 4.3 Denial of Service Local Buffer Overflow

AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to Image'...

CVSS 6.9 | EPSS 0.00183
Exploits: 1 | References: 3

ATTACKERKB
added 2026/03/26 1:24 p.m. | 1 view

CVE-2018-25216

AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to Image'...

CVSS 6.9 | AI score 6 | EPSS 0.00183
Exploits: 1 | References: 3

Vulnrichment
added 2026/03/26 1:24 p.m. | 3 views

CVE-2018-25216 AnyBurn 4.3 Denial of Service Local Buffer Overflow

AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to Image'...

CVSS 6.9 | AI score 6 | EPSS 0.00183
Exploits: 1 | References: 3

CVE
added 2026/03/26 1:24 p.m. | 8 views

CVE-2018-25216

CVE-2018-25216 affects AnyBurn 4.3 through a local buffer overflow in the image file name field during Copy disk to Image. A 10000-byte payload in the Image file name can crash the application, causing a denial of service via local access. Root cause: insufficient bound checking in handling image...

CVSS 6.9 | AI score 6 | EPSS 0.00183
Exploits: 1 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/03/26 12:0 a.m. | 5 views

PT-2026-28253

AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to Image'...

CVSS 6.9 | AI score 6.1 | EPSS 0.00183
Exploits: 1 | References: 4

Microsoft CVE
added 2026/03/25 8:2 a.m. | 3 views

Libarchive: libarchive: denial of service via malformed iso file processing

...

CVSS 6.5 | AI score 5.7 | EPSS 0.00305
Exploits: 0

SUSE CVE
added 2026/03/25 12:23 a.m. | 3 views

SUSE CVE-2026-33202

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's DiskService#delete_prefixed passes blob keys directly to Dir.glob without escaping glob metacharacters. If a blob key contains attacker-controlled inp...

CVSS 9.1 | AI score 5.8 | EPSS 0.00646
Exploits: 0 | References: 3

RedhatCVE
added 2026/03/24 11:7 a.m. | 2 views

CVE-2026-33202

A flaw was found in Active Storage, a component of Rails applications. This vulnerability occurs because Active Storage's DiskService#delete_prefixed function does not properly escape glob metacharacters when processing blob keys. A remote attacker could exploit this by providing a specially crafte...

CVSS 9.1 | AI score 5.7 | EPSS 0.00646
Exploits: 0 | References: 10

EUVD
added 2026/03/24 6:31 a.m. | 4 views

EUVD-2026-14732

A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like getParameterMap, the server prematurely parses and stores this content to...

CVSS 5.9 | AI score 5.8 | EPSS 0.00441
Exploits: 0 | References: 3

Github Security Blog
added 2026/03/24 6:31 a.m. | 14 views

Undertow: Denial of Service via Multipart/Form-Data Parsing on HTTP GET Requests

A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like getParameterMap, the server prematurely parses and stores this content to...

CVSS 7.5 | AI score 5.9 | EPSS 0.00441
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/03/24 6:31 a.m. | 5 views

GHSA-3X3V-W654-M28M Undertow: Denial of Service via Multipart/Form-Data Parsing on HTTP GET Requests

A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like getParameterMap, the server prematurely parses and stores this content to...

CVSS 5.9 | AI score 5.9 | EPSS 0.00441
Exploits: 0 | References: 5

NVD
added 2026/03/24 5:16 a.m. | 11 views

CVE-2026-3260

A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like getParameterMap, the server prematurely parses and stores this content to...

CVSS 7.5 | EPSS 0.00441
Exploits: 0 | References: 2