CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

Vulnrichment•added 2026/03/12 6:4 p.m.•1 views

CVE-2026-32140 Dataease: Redshift JDBC RCE Bypass

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...

9.3CVSS6.4AI score0.00629EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2003-0615

Malware in sbrugna...

5CVSS6.4AI score0.0682EPSS

Exploits1References5

NVD•added 2023/08/05 2:15 a.m.•7 views

CVE-2023-38943

ShuiZe0x727 v1.0 was discovered to contain a remote command execution RCE vulnerability via the component /iniFile/config.ini...

8.8CVSS8.9AI score0.04387EPSS

Exploits1References2

Prion•added 2023/08/05 2:15 a.m.•16 views

Command injection

ShuiZe0x727 v1.0 was discovered to contain a remote command execution RCE vulnerability via the component /iniFile/config.ini...

6.5CVSS8.9AI score0.04387EPSS

Exploits1References2Affected Software1

CVE•added 2023/08/05 12:0 a.m.•49 views

CVE-2023-38943

ShuiZe_0x727 v1.0 contains a remote command execution (RCE) vulnerability via the component /iniFile/config.ini. CVSS 3.1 metrics indicate NETWORK vector, high impact to confidentiality, integrity, and availability (8.8). No remediation details or in‑the‑wild exploitation information are provided...

8.8CVSS8.9AI score0.04387EPSS

Exploits1References2Affected Software1

OSV•added 2020/05/07 2:15 p.m.•1 views

CVE-2019-18870

A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine...

6.5CVSS6.7AI score0.00727EPSS

Exploits1References1

Prion•added 2020/05/07 2:15 p.m.•8 views

Path traversal

A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine...

4CVSS6.5AI score0.00727EPSS

Exploits1References1Affected Software1

NVD•added 2003/12/01 5:0 a.m.•10 views

CVE-2003-0623

Cross-site scripting XSS vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument...

4.3CVSS5.9AI score0.00539EPSS

Exploits1References4

CVE•added 2003/11/05 5:0 a.m.•49 views

CVE-2003-0623

CVE-2003-0623 describes a cross-site scripting (XSS) vulnerability in the BEA Tuxedo Administration Console (versions 8.1 and earlier). The flaw allows remote attackers to inject arbitrary web script via the INIFILE parameter. The connected documents confirm the affected component and the exploit...

4.3CVSS6.2AI score0.00539EPSS

Exploits1References4Affected Software2

Cvelist•added 2003/11/05 5:0 a.m.•13 views

CVE-2003-0623

Cross-site scripting XSS vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument...

5.9AI score0.00539EPSS

Exploits1References4

CVE•added 2003/11/05 5:0 a.m.•54 views

CVE-2003-0621

CVE-2003-0621 affects the BEA Tuxedo Administration Console (8.1 and earlier). The vulnerability arises from the INIFILE argument, where modified paths can cause directory traversal to reveal files outside the web root. Impact is information disclosure; the description does not confirm exploit de...

5CVSS7.1AI score0.0682EPSS

Exploits1References4Affected Software2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by