CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

210 matches found

PaloAlto Networks Expedition - Remote Code Execution

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. id: CVE-2024-946...

9.9CVSS7.6AI score0.98423EPSS

Exploits0References4

Nuclei•added yesterday•51 views

Palo Alto Expedition - SQL Injection

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...

9.2CVSS7.7AI score0.99597EPSS

Exploits3References4

Nuclei•added yesterday•41 views

Palo Alto Networks Expedition - OS Command Injection

An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls...

9.8CVSS7.5AI score0.77653EPSS

Exploits0References3

Nuclei•added yesterday•35 views

Palo Alto Expedition - Admin Account Takeover

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. id: CVE-2024-5910 info: name: Palo Alto Expedition - Admin Account Takeover author: johnk3r severity: critical...

9.8CVSS7.6AI score0.91684EPSS

Exploits9References3

RedhatCVE•added 2026/05/05 8:21 p.m.•6 views

CVE-2026-7688

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...

5CVSS5.5AI score0.00221EPSS

Exploits0References1

OSV•added 2026/05/03 12:30 p.m.•3 views

GHSA-RVWR-Q5HJ-WQ7G Dolibarr has an Injection issue

5CVSS5.4AI score0.00221EPSS

Exploits0References5

Github Security Blog•added 2026/05/03 12:30 p.m.•6 views

Dolibarr has an Injection issue

5CVSS5.4AI score0.00221EPSS

Exploits0References5Affected Software1

ATTACKERKB•added 2026/05/03 9:15 a.m.•2 views

CVE-2026-7688

5CVSS5.5AI score0.00221EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/03 9:15 a.m.•5 views

CVE-2026-7688 Dolibarr ERP CRM Shipments API Endpoint expedition.class.php _checkValForAPI sql injection

5CVSS5.5AI score0.00221EPSS

Exploits0References3

Cvelist•added 2026/05/03 9:15 a.m.•37 views

CVE-2026-7688 Dolibarr ERP CRM Shipments API Endpoint expedition.class.php _checkValForAPI sql injection

5CVSS0.00221EPSS

Exploits0References3

CVE•added 2026/05/03 9:15 a.m.•21 views

CVE-2026-7688

Dolibarr ERP CRM (up to 23.0.2) contains a SQL injection in Shipments API Endpoint, via _checkValForAPI in htdocs/expedition/class/expedition.class.php. The vulnerability allows remote access with high attack complexity and LOW impact on confidentiality/integrity/availability; exploit maturity is...

5CVSS5.5AI score0.00221EPSS

Exploits0References3