CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

298 matches found

MKdocs 1.2.2 - Directory Traversal

The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability see references because the dev server must be used in an unsafe way namely public to have this...

7.5CVSS7.2AI score0.1449EPSS

Exploits2

CVE•added 2026/01/26 2:2 a.m.•12 views

CVE-2026-1414

CVE-2026-1414 affects Sangfor Operation and Maintenance Security Management System (up to version 3.0.12). The vulnerability resides in the HTTP POST Request Handler for /equipment/get_Information, where tampering with the fortEquipmentIp argument can trigger a command injection. The issue can be...

9.8CVSS6.5AI score0.04051EPSS

Exploits1References4Affected Software1

Tenable Nessus•added 2026/01/20 12:0 a.m.•5 views

MiracleLinux 7 : rh-nodejs14-nodejs-nodemon-2.0.3-2.el7, rh-nodejs14-nodejs-14.17.2-1.el7 (AXSA:2021-2260:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2260:01 advisory. nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl CVE-2021-23362 nodejs-ssri: Regular expression DoS ReDoS...

7.5CVSS7.7AI score0.23132EPSS

Exploits3References5

RedhatCVE•added 2026/01/09 12:41 p.m.•7 views

CVE-2023-25695

Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2...

5.3CVSS6.8AI score0.01382EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:50 a.m.•11 views

CVE-2022-37382

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

5.5CVSS6AI score0.00865EPSS

Exploits0References1

CNVD•added 2025/11/25 12:0 a.m.•2 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-925280)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score

Exploits0

Positive Technologies•added 2025/11/19 12:0 a.m.•4 views

PT-2025-47520

Name of the Vulnerable Software and Affected Versions IBM i versions 7.2 through 7.6 Description A flaw exists in the database plan cache implementation that could allow a user with database access to view information they are not authorized to see. Recommendations IBM i versions 7.2 through 7.6...

6.5CVSS6.2AI score0.00232EPSS

Exploits0References3