171 matches found

OSV
added 2026/05/20 12:0 a.m. | 1 view

UBUNTU-CVE-2026-43617

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...

CVSS 6.3 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 5
Tenable Nessus
added 2026/03/20 12:0 a.m. | 3 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Net-CIDR vulnerability (USN-8110-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8110-1 advisory. Dave Rolsky discovered that Net-CIDR did not properly sanitize IP addresses. An attacker could possibl...

CVSS 6.5 | AI score 5.9 | EPSS 0.00072
Exploits: 0 | References: 2
Snyk
added 2026/02/25 6:2 p.m. | 4 views

User Impersonation

Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to User Impersonation via the getConnInfo function in the adapter/aws-lambda/conninfo.ts file. An attacker can gain unauthorized access to resources protected by IP-based access controls by...

CVSS 8.8 | AI score 6 | EPSS 0.00008
Exploits: 0 | References: 2
CVE
added 2026/02/09 3:16 a.m. | 6 views

CVE-2025-66602

CVE-2025-66602 affects Yokogawa FAST/TOOLS, specifically FAST/TOOLS packages RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB, versions R9.01 to R10.04. The description indicates a worm-like attack scenario via a web server that accepts IP-based access, but the connected documents do not provide further tec...

CVSS 9.8 | AI score 5.2 | EPSS 0.00065
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2026/01/09 10:35 a.m. | 7 views

CVE-2017-18899

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting...

CVSS 5.3 | AI score 7 | EPSS 0.00377
Exploits: 0 | References: 1
SUSE CVE
added 2026/01/06 12:25 a.m. | 2 views

SUSE CVE-2025-66508

1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configuration, which trusts all IP addresses as proxies (TrustedProxies = 0.0.0.0/0), allowing any client to spoof the X-Forwarded-For header. Since all IP-based access controls...

CVSS 6.5 | AI score 6.9 | EPSS 0.00043
Exploits: 0 | References: 2
Cvelist
added 2025/12/12 9:23 a.m. | 25 views

CVE-2025-26866 Apache HugeGraph-Server: RAFT and deserialization vulnerability

A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...

EPSS 0.03445
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-6141

Malware in sbrugna...

CVSS 9.3 | AI score 6.1 | EPSS 0.0298
Exploits: 0 | References: 10
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2009-2862

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.01257
Exploits: 0 | References: 8
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-9989

Malware in sbrugna...

CVSS 5.3 | AI score 5.6 | EPSS 0.00377
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-28354

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.5 | EPSS 0.0017
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-15290

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 9.2 | EPSS 0.00253
Exploits: 1 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-30494

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.5 | EPSS 0.0003
Exploits: 0 | References: 2
RedhatCVE
added 2025/09/24 6:31 p.m. | 3 views

CVE-2025-58960

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login ip-based-login allows Stored XSS. This issue affects IP Based Login: from n/a through <= 2.4.3...

CVSS 5.9 | AI score 5.9 | EPSS 0.0003
Exploits: 0 | References: 1
NVD
added 2025/09/22 7:16 p.m. | 5 views

CVE-2025-58960

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login ip-based-login allows Stored XSS. This issue affects IP Based Login: from n/a through <= 2.4.3...

CVSS 5.9 | EPSS 0.0003
Exploits: 0 | References: 1
Patchstack
added 2025/09/22 6:35 p.m. | 4 views

WordPress IP Based Login Plugin <= 2.4.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by R1sky in WordPress Plugin IP Based Login versions <= 2.4.3...

CVSS 5.9 | AI score 6 | EPSS 0.0003
Exploits: 0 | Affected Software: 1
Cvelist
added 2025/09/22 6:26 p.m. | 8 views

CVE-2025-58960 WordPress IP Based Login Plugin <= 2.4.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login ip-based-login allows Stored XSS. This issue affects IP Based Login: from n/a through <= 2.4.3...

CVSS 5.9 | EPSS 0.0003
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/22 12:0 a.m. | 3 views

PT-2025-39025

Name of the Vulnerable Software and Affected Versions: IP Based Login versions through 2.4.3. Description: An issue exists in IP Based Login that allows for Stored Cross-site Scripting (XSS). The flaw is due to improper neutralization of input during web page generation. This can allow an attacker to...

CVSS 5.9 | AI score 6.1 | EPSS 0.0003
Exploits: 0 | References: 4
OSV
added 2025/09/17 6:15 a.m. | 3 views

CVE-2025-10042

The Quiz Maker plugin for WordPress is vulnerable to SQL Injection via spoofed IP headers in all versions up to, and including, 6.7.0.56 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 7.5 | AI score 5.9
Exploits: 0 | References: 4
Packet Storm News
added 2025/09/10 12:0 a.m. | 3 views

Overcoming DNSSEC Islands of Security: a TLS and IP-Based Certificate Solution

The Domain Name System (DNS) serves as the backbone of the Internet, primarily translating domain names to IP addresses. Over time, various enhancements have been introduced to strengthen the integrity of DNS. Among these, DNSSEC stands out as a leading cryptographic solution. It protects against...

AI score 7.1
Exploits: 0