
11 matches found

Snyk
added 2026/03/26 10:25 p.m. · 1 view

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the process that writes configuration payloads to the audit log, where sensitive fields such as ldapsearchpassword and oidcclientsecret are not redacted. An attacker can obtain...

CVSS: 6.9 · AI score: 5.9
Exploits: 0 · References: 3

OSV
added 2025/07/29 6:49 p.m. · 2 views

GO-2025-3826 Possible ORM Leak Vulnerability in the Harbor in github.com/goharbor/harbor

Possible ORM Leak Vulnerability in the Harbor in github.com/goharbor/harbor. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...

CVSS: 4.9 · AI score: 6 · EPSS: 0.00387
Exploits: 0 · References: 6

Positive Technologies
added 2025/07/23 12:00 a.m. · 2 views

PT-2025-30606 · Harbor · Harbor

Name of the Vulnerable Software and Affected Versions: Harbor versions 2.11.2 and below; Harbor versions 2.12.0-rc1; Harbor versions 2.13.0-rc1. Description: Harbor, an open source trusted cloud native registry project, is susceptible to a stored cross-site scripting (XSS) issue. The markdown field...

CVSS: 4.1 · AI score: 5.2 · EPSS: 0.0016
Exploits: 0 · References: 13

OSV
added 2024/08/02 1:15 a.m. · 13 views

CVE-2024-22278

Incorrect user permission validation in Harbor v2.9.5 and Harbor v2.10.3 allows authenticated users to modify configurations...

CVSS: 4.3 · AI score: 6.8
Exploits: 0 · References: 1

Chainguard
added 2024/07/31 9:15 p.m. · 8 views

CVE-2024-40464 vulnerabilities

Vulnerabilities for packages: harbor-fips, harbor...

CVSS: 8.8 · AI score: 5.8 · EPSS: 0.00751
Exploits: 0

OSV
added 2024/06/10 11:15 p.m. · 2 views

CVE-2024-22244

Open Redirect in Harbor =v2.8.4, =v2.9.2, and =v2.10.0 may redirect a user to a malicious site...

CVSS: 6.1 · AI score: 6.6
Exploits: 0 · References: 1

OSV
added 2023/01/13 12:15 a.m. · 7 views

CVE-2022-46463

An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."...

CVSS: 7.5 · AI score: 6.6
Exploits: 0 · References: 3

Positive Technologies
added 2023/01/12 12:00 a.m. · 2 views

PT-2023-14936

Name of the Vulnerable Software and Affected Versions: Harbor versions 1.X.X through 2.5.3. Description: An access control issue allows attackers to access public and private image repositories without authentication. The vendor states this behavior is documented as a feature. There is no informatio...

CVSS: 7.5 · AI score: 7.4 · EPSS: 0.76902
Exploits: 2 · References: 14

Veracode
added 2020/02/03 7:18 a.m. · 18 views

SQL Injection

github.com/goharbor/harbor is vulnerable to SQL injection. The vulnerability exists as it was possible for an authenticated administrator to send a SQL payload through the sort GET parameter in the project quotas section...

CVSS: 4.9 · AI score: 2.5 · EPSS: 0.00336
Exploits: 0 · References: 6 · Affected Software: 1

Veracode
added 2018/01/15 7:08 a.m. · 10 views

LDAP Injection

github.com/vmware/harbor is vulnerable to LDAP injection attacks. The vulnerability exists due to the lack of sanitization on the username parameter, which is subsequently used to create the ldapFilter...

AI score: 7
Exploits: 0

OSV
added 2017/12/15 9:29 a.m. · 13 views

CVE-2017-17697

The Ping function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping...

CVSS: 8.6 · AI score: 6.8
Exploits: 0 · References: 1