30 matches found
Grafana <= 6.7.1 - Cross-Site Scripting
Grafana through 6.7.1 contains an unauthenticated stored cross-site scripting vulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot...
CVE-2026-46186
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtio_bt: validate rx pkt_type header length virtbt_rx_handle reads the leading pkt_type byte from the RX skb and forwards the remainder to hci_recv_frame for every event/ACL/SCO/ISO type, without checking that the remaining...
CLSA-2026-1778142360 jq: Fix of 2 CVEs
CVE-2026-33947: limit path depth in jv_setpath, jv_getpath, and jv_delpaths to prevent stack overflow from deep path arrays - CVE-2026-33948: remove strlen-based length calculation that truncated JSON input at embedded NUL bytes, preventing parser-differential attacks...
DEBIAN-CVE-2026-31607
In the Linux kernel, the following vulnerability has been resolved: usbip: validate number_of_packets in usbip_pack_ret_submit When a USB/IP client receives a RET_SUBMIT response, usbip_pack_ret_submit unconditionally overwrites urb->number_of_packets from the network PDU. This value is subsequently used as...
EUVD-2021-1365
Malware in sbrugna...
The vulnerability of the Chamilo LMS electronic learning and content management system lies in the lack of measures to neutralize special elements used within the operating system, allowing attackers to execute arbitrary SQL queries.
The vulnerability of the Chamilo LMS, a system for electronic teaching and content management, lies in the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary SQL...
CVE-2018-15811
DNN aka DotNetNuke 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters...
CVE-2024-53262 Unescaped error message included on error page in SvelteKit
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. The static error.html template for errors contains placeholders that are replaced without escaping the content first. error.html is the page that is rendered when everything else fails. It can contai...
The vulnerability of the Device Manager Agent component of the Hitachi Device Manager storage management system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Device Manager Agent component of the Hitachi Device Manager storage management system is related to insufficient protection of password input fields. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected...
The vulnerability of the `sysScheduleRebootSet` function in the wireless access point software of Tenda i29 allows an intruder to execute arbitrary code.
The vulnerability of the sysScheduleRebootSet function in the wireless access point software of Tenda i29 involves insufficient measures taken to protect input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
GHSA-HV79-P62R-WG3P Cachet vulnerable to Authenticated Remote Code Execution
Summary A template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Within /cachet/app/Http/Routes/ApiRoutes.php, an attacker could control template input which is passed to laravel's dispatched...
Omron Engineering Software
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Omron Equipment: Sysmac Studio Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS...
The vulnerability in the web interface of Cisco Firepower Management Center’s software for network management allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the web interface for managing Cisco Firepower Management Center FMC software involves a lack of measures to protect input data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
springframework: Additional Log Injection in Spring Framework (follow-up to CVE-2021-22096)
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...
The vulnerability of the input protection mechanism in Cisco Firepower Management Center (FMC) software allows a hacker to disclose the protected information.
The vulnerability of the input protection mechanism in Cisco Firepower Management Center FMC software is related to errors in processing incoming data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
CVE-2022-20744
A vulnerability in the input protection mechanisms of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a...
Authorization
A vulnerability in the input protection mechanisms of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a...
CVE-2022-20744
CVE-2022-20744 affects Cisco Firepower Management Center (FMC). The issue is an input protection mechanism that relies on a specific input’s existence/value, allowing an authenticated, remote attacker to view data beyond their authorization by crafting requests to the affected device. Documented ...
CVE-2022-20744 Cisco Firepower Management Center Software Information Disclosure Vulnerability
A vulnerability in the input protection mechanisms of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a...
Cisco Firepower Management Center Software Information Disclosure Vulnerability
A vulnerability in the input protection mechanisms of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a...