CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2199 matches found

Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - Remote Code Execution

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of GetFileWithoutZip method. The issue results from th...

9.8CVSS7.9AI score0.94274EPSS

Exploits1References5

Nuclei•added 2 days ago•5 views

WhatsUp Gold GetStatisticalMonitorList SQL Injection - Authentication Bypass

In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. id: CVE-2024-6671 info: name: WhatsUp Gold GetStatisticalMonitorList SQL Injectio...

9.8CVSS7.6AI score0.76181EPSS

Exploits0References3

OSV•added 2026/05/27 11:53 a.m.•7 views

SUSE-SU-2026:2092-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

7.5CVSS6AI score0.00054EPSS

Exploits0References25

OSV•added 2026/05/26 2:54 p.m.•4 views

SUSE-SU-2026:2079-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

7.5CVSS6AI score0.00054EPSS

Exploits0References25

Nuclei•added 2026/05/25 4:37 a.m.•38 views

WhatsUp Gold HasErrors SQL Injection - Authentication Bypass

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. id: CVE-2024-6670 info: name: WhatsUp Gold HasErrors SQL Injection - Authentication Bypass author: DhiyaneshDK,princechaddha severity:...

9.8CVSS7.6AI score0.94468EPSS

Exploits2References3

OSV•added 2026/05/18 12:17 a.m.•3 views

OPENSUSE-SU-2026:20763-1 Security update for go1.25

This update for go1.25 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: "go tool pack" does...

7.5CVSS6AI score0.00054EPSS

Exploits0References24

OSV•added 2026/05/14 10:34 p.m.•4 views

SUSE-SU-2026:1862-1 Security update for go1.25

7.5CVSS5.8AI score0.00054EPSS

Exploits0References25

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в binutils

GNU binutils gold gold v1.11-v1.16 GNU binutils v2.21-v2.31.1 is affected by: Improper input validation, signed/unSigned comparison, out-of-bounds reading. The impact is: Denial of service. The component involved is: gold/fileread.cc:497, elfcpp/elfcppfile.h:644. The attack vector is: An ELF file...

5.5CVSS6.7AI score0.00147EPSS

Exploits0References2

Packet Storm•added 2026/03/09 12:0 a.m.•96 views

📄 Ipswitch WhatsUp Gold 1.0.0.24 Directory Traversal

Proof of concept exploit for a 2011 finding where Ipswitch WhatsUp Gold version 1.0.0.24 had a directory traversal in the included TFTP server. ============================================================================================================================================= | Title :...

7.8CVSS5.8AI score0.20793EPSS

Exploits4

Tenable Nessus•added 2026/01/20 12:0 a.m.•1 views

MiracleLinux 9 : binutils-2.35.2-42.el9 (AXSA:2023-6593:04)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6593:04 advisory. binutils: NULL pointer dereference in bfdelfgetsymbolversionstring leads to segfault CVE-2022-4285 Tenable has extracted the preceding description block...

5.5CVSS5.5AI score0.0006EPSS

Exploits1References2

RedhatCVE•added 2026/01/09 11:43 a.m.•3 views

CVE-2010-0377

SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a playgame action. NOTE: some of these details are obtained from third party information...

7.5CVSS8.8AI score0.00466EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:52 a.m.•6 views

CVE-2022-42711

In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser...

9.6CVSS7.9AI score0.00516EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:18 a.m.•2 views

CVE-2025-23795

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ghuger Easy FAQs easy-faqs allows Stored XSS.This issue affects Easy FAQs: from n/a through = 3.2.1...

6.5CVSS7.2AI score0.00335EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:15 a.m.•3 views

CVE-2022-38088

A directory traversal vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability...

6.5CVSS7AI score0.0255EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:6 a.m.•4 views

CVE-2024-34563

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GoldAddons Gold Addons for Elementor allows Stored XSS.This issue affects Gold Addons for Elementor: from n/a through 1.2.9...

6.5CVSS5.2AI score0.00313EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:45 a.m.•8 views

CVE-2022-38066

An OS command injection vulnerability exists in the httpd SNMP functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP response can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability...

8.8CVSS7.3AI score0.00434EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 8:45 a.m.•7 views

CVE-2022-38715

A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...

8.8CVSS7.5AI score0.07518EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 8:43 a.m.•6 views

CVE-2022-42490

Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is...

9.8CVSS7.5AI score0.03845EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:43 a.m.•10 views

CVE-2022-42491

9.8CVSS7.6AI score0.03845EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:43 a.m.•7 views

CVE-2022-42493

9.8CVSS7.5AI score0.03845EPSS

Exploits0References1

Rows per page