81 matches found

Nuclei
added 10 hours ago | 83 views

Hongdian H8922 3.0.5 Devices - Local File Inclusion

Hongdian H8922 3.0.5 devices are vulnerable to local file inclusion. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd). This can be carried out wi...

CVSS 6.5 | AI score 6.8 | EPSS 0.13751
Exploits: 1 | References: 5
CVE
added yesterday | 21 views

CVE-2026-47693

CVE-2026-47693 details (Poweradmin): Poweradmin, a web-based DNS admin tool for PowerDNS, is vulnerable to CSV Injection in its log export endpoints. User-supplied data (notably the username) is written to exported CSVs without sanitizing formula trigger characters (=, +, -, @). When an admin ex...

CVSS 6.9 | AI score 5.9 | EPSS 0.00036
Exploits: 0 | References: 3
ATTACKERKB
added yesterday | 2 views

CVE-2026-47693

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection (Formula Injection) in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing...

CVSS 6.9 | AI score 5.9 | EPSS 0.00036
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2026/06/15 12:0 a.m. | 26 views

CVE-2026-39007

An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component...

EPSS 0.00375
Exploits: 0 | References: 1
CVE
added 2026/06/15 12:0 a.m. | 11 views

CVE-2026-39007

Technical details about CVE-2026-39007 are not publicly available in the provided documents. Monitor for updates from vendors and advisories.

CVSS 7.5 | AI score 5.4 | EPSS 0.00375
Exploits: 0 | References: 1
OSV
added 2026/06/08 11:4 p.m. | 5 views

GHSA-3H6H-67X3-CV5X Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications

Description: Summary: Poweradmin v4.4.0 is vulnerable to CSV Injection (Formula Injection) in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing formula trigger characters =, +, -, @. When an administrator export...

CVSS 6.9 | AI score 5.5 | EPSS 0.00036
Exploits: 0 | References: 4
Github Security Blog
added 2026/06/08 11:4 p.m. | 10 views

Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications

Description: Summary: Poweradmin v4.4.0 is vulnerable to CSV Injection (Formula Injection) in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing formula trigger characters =, +, -, @. When an administrator export...

CVSS 6.9 | AI score 5.5 | EPSS 0.00036
Exploits: 0 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/06/08 12:0 a.m. | 8 views

PT-2026-47544

Description: Summary: Poweradmin v4.4.0 is vulnerable to CSV Injection (Formula Injection) in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing formula trigger characters =, +, -, @. When an administrator export...

CVSS 6.9 | AI score 5.5
Exploits: 0 | References: 5
Positive Technologies
added 2026/06/08 12:0 a.m. | 12 views

PT-2026-47615

Name of the Vulnerable Software and Affected Versions: Poweradmin versions prior to 4.2.4; Poweradmin versions prior to 4.3.3; Poweradmin version 4.4.0. Description: The log export functionality is susceptible to CSV Injection (Formula Injection), which occurs when user-controlled data is written to...

CVSS 6.9 | AI score 5.9 | EPSS 0.00036
Exploits: 0 | References: 6
RedhatCVE
added 2026/06/05 7:45 p.m. | 7 views

CVE-2026-31924

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP. This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

CVSS 5.3 | AI score 5.4 | EPSS 0.00238
Exploits: 0 | References: 1
EUVD
added 2026/05/28 6:45 a.m. | 10 views

EUVD-2026-32735

The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.16.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...

CVSS 4.3 | AI score 5.8 | EPSS 0.0025
Exploits: 0 | References: 11
Positive Technologies
added 2026/05/28 12:0 a.m. | 11 views

PT-2026-44202

The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.16.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...

CVSS 4.3 | AI score 5.8 | EPSS 0.0025
Exploits: 0 | References: 12
OSV
added 2026/04/16 11:36 p.m. | 4 views

BIT-APISIX-2026-31924 Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP. This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

CVSS 5.3 | AI score 5.7 | EPSS 0.00238
Exploits: 0 | References: 3
NVD
added 2026/04/14 9:16 a.m. | 10 views

CVE-2026-31924

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP. This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

CVSS 5.3 | EPSS 0.00238
Exploits: 0 | References: 2
CVE
added 2026/04/14 8:8 a.m. | 8 views

CVE-2026-31924

Summary: CVE-2026-31924 affects Apache APISIX due to cleartext transmission of sensitive information in the tencent-cloud-cls log export feature. Affected versions are 2.99.0 through 3.15.0. The issue enables plaintext HTTP exposure for logs/telemetry as described in connected advisories. Impact ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00238
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/04/14 8:8 a.m. | 20 views

CVE-2026-31924 Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP. This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

EPSS 0.00238
Exploits: 0 | References: 1
EUVD
added 2026/04/14 8:8 a.m. | 2 views

EUVD-2026-22227

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP. This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

CVSS 5.3 | AI score 5.8 | EPSS 0.00238
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/14 8:8 a.m. | 1 views

CVE-2026-31924 Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP. This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

AI score 5.8 | EPSS 0.00238
Exploits: 0 | References: 1
CNNVD
added 2026/04/14 12:0 a.m. | 4 views

Apache Apisix Security Vulnerability

Apache Apisix is a cloud-native microservices API gateway service provided by the Apache Foundation in the United States. This software is implemented based on OpenResty and etcd, featuring dynamic routing and hot loading of plugins. It is suitable for API management within microservice systems...

CVSS 5.3 | AI score 5.8 | EPSS 0.00238
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/14 12:0 a.m. | 1 views

PT-2026-32603

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP. This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

CVSS 5.3 | AI score 5.8 | EPSS 0.00238
Exploits: 0 | References: 5