CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

199 matches found

Homematic CCU3 - Local File Inclusion

eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem, aka local file inclusion. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. id: CVE-2019-9726 info: name: Homematic CCU3 - Local...

7.5CVSS7.4AI score0.59718EPSS

Exploits1References3

Vulnrichment•added 2026/05/21 9:7 p.m.•4 views

CVE-2026-5091 Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password...

5.8AI score0.00007EPSS

Exploits0References2

Positive Technologies•added 2026/05/21 12:0 a.m.•7 views

PT-2026-42551

5.1CVSS5.8AI score0.00007EPSS

Exploits0References5

RedhatCVE•added 2026/01/09 10:17 a.m.•4 views

CVE-2019-18939

eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi and exec1.cgi scripts, which execute TCL script content from an HTTP POST request...

9.8CVSS7.9AI score0.30108EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:56 a.m.•6 views

CVE-2020-12834

eQ-3 Homematic Central Control Unit CCU2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup or factory...

9.8CVSS7.8AI score0.45806EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:31 a.m.•5 views

CVE-2019-16199

eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process...

9.8CVSS7.8AI score0.45791EPSS

Exploits1References1