CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13464 matches found

Cisco Secure Firewall Management Center - Authentication Bypass

Cisco Secure Firewall Management Center Software contains an authentication bypass caused by improper system process creation at boot, letting unauthenticated remote attackers execute scripts and gain root access, exploit requires crafted HTTP requests. id: CVE-2026-20079 info: name: Cisco Secure...

10CVSS9AI score0.33898EPSS

Exploits2References2

Nuclei•added 14 hours ago•19 views

ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting

Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the 1 subTab or 2 tab parameter to createAnomaly.do; 3 url, 4 subTab, or 5 tab parameter to mindex.do; 6 tab parameter to index2.do; or 7 port...

4.3CVSS5.2AI score0.07718EPSS

Exploits1References5

Nuclei•added 14 hours ago•23 views

WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting

WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard. id: CVE-2022-2599 info: name: WordPress Anti-Malware Security an...

6.1CVSS5.9AI score0.00982EPSS

Exploits2References4

Nuclei•added 14 hours ago•42 views

SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery

SAP BusinessObjects Business Intelligence Platform Web Services 410, 420, and 430 is susceptible to blind server-side request forgery. An attacker can inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful...

5.3CVSS6.5AI score0.61736EPSS

Exploits3References5

Nuclei•added 14 hours ago•78 views

Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting

PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute...

8.8CVSS7.9AI score0.2389EPSS

Exploits0References5

Nuclei•added 14 hours ago•63 views

pfSense - Arbitrary File Write

diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...

9CVSS8.1AI score0.87113EPSS

Exploits4References5

Nuclei•added 14 hours ago•46 views

Huawei Firewall - Local File Inclusion

USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gai...

4.3CVSS5.2AI score0.01238EPSS

Exploits0References1

Nuclei•added 14 hours ago•70 views

WAPPLES Web Application Firewall <=6.0 - Hardcoded Credentials

WAPPLES Web Application Firewall through 6.0 contains a hardcoded credentials vulnerability. It contains a hardcoded system account accessible via db/wp.no1, as configured in the /opt/penta/wapples/script/wccautoscaling.py file. An attacker can use this account to access system configuration and...

9.8CVSS8.3AI score0.12351EPSS

Exploits0References5

Nuclei•added 14 hours ago•14 views

Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 - Unauthenticated Blind SQL Injection

It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The updatelog function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected v...

7.5CVSS7.7AI score0.04691EPSS

Exploits1References2

Nuclei•added 14 hours ago•28 views

Zyxel - Cross-Site Scripting

Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, and ZyWALL 1100 devices contain a reflected cross-site scripting vulnerability on the security firewall login page via the mpidx...

6.1CVSS5.8AI score0.2095EPSS

Exploits3References5

Nuclei•added 14 hours ago•42 views

Lotus Domino R5 and R6 WebMail - Information Disclosure

Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled which is by default allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and t...

5CVSS5.2AI score0.73635EPSS

Exploits11References5

RedhatCVE•added 2 days ago•4 views

CVE-2026-10649

A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption, leading to a denial...

8.6CVSS5.3AI score0.00457EPSS

Exploits0References4

Nuclei•added 2 days ago•9 views

Sophos Firewall <= 19.0 MR1 - Remote Code Execution

Sophos Firewall version v19.0 MR1 and older is vulnerable to code injection in the User Portal and Webadmin, allowing a remote unauthenticated attacker to execute arbitrary code. id: CVE-2022-3236 info: name: Sophos Firewall = 19.0 MR1 - Remote Code Execution author: daffainfo severity: critical...

9.8CVSS9.3AI score0.98905EPSS

Exploits0References2

Nuclei•added 2 days ago•119 views

Sophos Firewall <=18.5 MR3 - Remote Code Execution

Sophos Firewall version v18.5 MR3 and older contains an authentication bypass vulnerability in the User Portal and Webadmin which could allow a remote attacker to execute code. id: CVE-2022-1040 info: name: Sophos Firewall =18.5 MR4 to mitigate this vulnerability. reference: -...

9.8CVSS9AI score0.99796EPSS

Exploits9References5

Nuclei•added 2 days ago•22 views

Cisco Secure Firewall ASA & FTD - Authentication Bypass

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that are related to remote access VPN that should...

8.6CVSS8.8AI score0.83681EPSS

Exploits0References2

Nuclei•added 2 days ago•612 views

GlobalProtect - OS Command Injection

A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama...

10CVSS9.2AI score0.99999EPSS

Exploits43References5

Nuclei•added 2 days ago•20 views

Zoho manageengine - Cross-Site Scripting

Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 via the...

6.1CVSS5.6AI score0.98463EPSS

Exploits3References4

Nuclei•added 2 days ago•33 views

Zyxel Firewall - OS Command Injection

An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100W firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1...

10CVSS8.8AI score0.9994EPSS

Exploits25References5