54722 matches found

GithubExploit
added 2026/02/06 9:47 p.m., 206 views

Exploit for CVE-2025-67435

CVE-2025-67435 Researcher : Chowdhury Faizal Ahammed...

7.3 AI score
Exploits: 2

OSV
added 2026/02/06 9:30 p.m., 3 views

GHSA-27JC-JMP8-QFW5 Duplicate Advisory: Keylime Missing Authentication for Critical Function and Improper Authentication

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4jqp-9qjv-57m2. This link is maintained to preserve external references. Original Description A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Laye...

9.4 CVSS, 5.4 AI score, 0.05805 EPSS
Exploits: 0, References: 6

OSV
added 2026/02/06 9:16 p.m., 8 views

CVE-2026-25533 Enclave has a sandbox escape via infinite recursion and error objects

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...

6.4 CVSS, 5.7 AI score, 0.0023 EPSS
Exploits: 1, References: 5

NVD
added 2026/02/06 8:16 p.m., 9 views

CVE-2026-1709

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.8 CVSS, 0.05805 EPSS
Exploits: 0, References: 5

OSV
added 2026/02/06 8:16 p.m., 3 views

CVE-2026-1709

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.8 CVSS, 5.7 AI score, 0.05805 EPSS
Exploits: 0, References: 5

OSV
added 2026/02/06 8:16 p.m., 8 views

PYSEC-2026-74

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.8 CVSS, 5.8 AI score, 0.05805 EPSS
Exploits: 0, References: 6

Cvelist
added 2026/02/06 7:13 p.m., 28 views

CVE-2026-1709 Keylime: keylime: authentication bypass allows unauthorized administrative operations due to missing client-side tls authentication

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.4 CVSS, 0.05805 EPSS
Exploits: 0, References: 5

EUVD
added 2026/02/06 7:13 p.m., 3 views

EUVD-2026-5599

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.4 CVSS, 5.3 AI score, 0.05805 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/02/06 7:13 p.m., 3 views

CVE-2026-1709

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.4 CVSS, 5.4 AI score, 0.05805 EPSS
Exploits: 0, References: 6

CVE
added 2026/02/06 7:13 p.m., 28 views

CVE-2026-1709

CVE-2026-1709 concerns the Keylime registrar. Affected are 7.12.0 through 7.13.0, where the registrar does not enforce client TLS authentication, enabling unauthenticated network access to administrative endpoints (e.g., listing agents, retrieving public TPM data, deleting agents). Reported CVSS ...

9.8 CVSS, 5.4 AI score, 0.05805 EPSS
Exploits: 0, References: 5, Affected Software: 8

Snyk
added 2026/02/06 6:24 p.m., 4 views

SQL Injection

Overview devcode-it/openstamanager is a management software for technical assistance and electronic invoicing Affected versions of this package are vulnerable to SQL Injection via the idrecords parameter in the bulk module. An attacker can extract sensitive database contents, including user...

8.8 CVSS, 6.1 AI score, 0.00356 EPSS
Exploits: 3, References: 2

Github Security Blog
added 2026/02/06 6:19 p.m., 7 views

OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module

Summary Critical Time-Based Blind SQL Injection vulnerability in the article pricing module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer data, and financial records through time-based Boolean inference attacks...

8.7 CVSS, 6 AI score, 0.00366 EPSS
Exploits: 3, References: 3, Affected Software: 1

OSV
added 2026/02/06 6:19 p.m., 2 views

GHSA-P864-FQGV-92Q4 OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module

Summary Critical Time-Based Blind SQL Injection vulnerability in the article pricing module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer data, and financial records through time-based Boolean inference attacks...

8.7 CVSS, 6.1 AI score, 0.00366 EPSS
Exploits: 3, References: 3

NVD
added 2026/02/06 6:15 p.m., 4 views

CVE-2026-24419

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the Prima Nota Journal Entry module's add.php file. The application fails to validate that comma-separated...

8.7 CVSS, 0.00344 EPSS
Exploits: 3, References: 1

Vulnrichment
added 2026/02/06 6:7 p.m., 2 views

CVE-2026-24417 OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application fails to properly sanitize the term parameter before...

8.7 CVSS, 5.9 AI score, 0.00366 EPSS
Exploits: 3, References: 1

EUVD
added 2026/02/06 6:5 p.m., 2 views

EUVD-2026-5639

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the Prima Nota Journal Entry module's add.php file. The application fails to validate that comma-separated...

8.7 CVSS, 5.9 AI score, 0.00344 EPSS
Exploits: 3, References: 1

OSV
added 2026/02/06 6:5 p.m., 2 views

CVE-2026-24419 OpenSTAManager has an SQL Injection in the Prima Nota module

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the Prima Nota Journal Entry module's add.php file. The application fails to validate that comma-separated...

8.7 CVSS, 6 AI score, 0.00344 EPSS
Exploits: 3, References: 3

OSV
added 2026/02/06 3:57 p.m., 5 views

OESA-2026-1325 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a...

8.6 CVSS, 6.7 AI score, 0.00557 EPSS
Exploits: 0, References: 3

OSV
added 2026/02/06 3:54 p.m., 7 views

OESA-2026-1301 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: In GnuP...

8.4 CVSS, 5.8 AI score, 0.00387 EPSS
Exploits: 1, References: 2

OSV
added 2026/02/06 3:54 p.m., 5 views

OESA-2026-1302 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: In GnuP...

8.4 CVSS, 5.8 AI score, 0.00387 EPSS
Exploits: 1, References: 2