2697 matches found
Ghost CMS - User Enumeration
Ghost CMS 5.9.4 contains a user enumeration vulnerability in the login functionality. The application reveals whether a user account exists through different error messages, allowing attackers to enumerate valid user accounts via specially-crafted HTTP requests. id: CVE-2022-41697 info: name: Gho...
UBUNTU-CVE-2026-40997
Several Spring WS integration paths with Spring Security could surface detailed account state (for example, locked or disabled user semantics) to remote SOAP clients through exception messages or callback outcomes, instead of failing with generic authentication errors. That behavior assists remote...
SUSE CVE-2026-9698
DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application can trigger a...
CVE-2026-34417 OSCAL-GUI Reflected XSS via project parameter in oscal-forms.php
OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to...
EUVD-2026-35366
DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application can trigger a...
CVE-2026-9698
CVE-2026-9698 affects the Perl DBI module. Versions before 1.648 save error messages in a 200-byte buffer without length control, allowing an attacker who can influence error text to trigger a buffer overflow. Connected sources confirm the issue in DBI for Perl and identify the vulnerable compone...
PT-2026-48280
OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to...
DBI Buffer Error Vulnerability
DBI is a Perl database interface tool developed under the open-source license of perl5-dbi. Versions of DBI prior to 1.648 contained a buffer error vulnerability. This vulnerability stemmed from the lack of length limitation when error messages were written into a 200-byte buffer, which could lea...
OSCAL-GUI Cross-Site Scripting Vulnerability
OSCAL-GUI is a graphical interface tool developed by OSCAL Corporation for creating, editing, viewing, and managing OSCAL compliance data models. OSCAL-GUI has a cross-site scripting vulnerability. This vulnerability stems from the fact that the project request parameter values in oscal-forms.ph...
CVE-2026-1248
IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages...
CVE-2026-39851
Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the requestEmailChange mutation was revealing the existence of user-provided email addresses in error messages. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118...
CVE-2026-44749
The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts (e.g., regex patterns) and revealing underlying URI parsing logic. This leads to low impact on confidentiality. Integrity and availability are unaffected...
PT-2026-45950
Name of the Vulnerable Software and Affected Versions: backpack/crud versions prior to 5.0.13; backpack/crud versions prior to 4.1.69; backpack/crud versions prior to 4.0.63. Description: Reflected Cross-Site Scripting (XSS) occurs because error views output the exception message without escaping it. An...
DEBIAN-CVE-2026-42507
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...
Improper Output Neutralization for Logs
Overview: std/net/textproto is a Go standard library package. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs. Go Vulnerability Report: When returning errors, functions in the net/textproto package would include its input as part of the...
Google Go Security Vulnerability
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, where functions return errors that include the input within the error message. This allows attackers ...
CVE-2026-1248
IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages...
CVE-2026-1248 IBM Business Automation Workflow information leak
IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages...
CVE-2026-1248
IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages...
EUVD-2026-32521
IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages...