
54803 matches found

OSV
added 2026/01/05 2:34 p.m. | 5 views

CVE-2025-15029 An unauthenticated user is able to introduce SQL Injection using the Awie export module

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon Infra Monitoring Awie export modules allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04...

CVSS 9.8 | AI score 8 | EPSS 0.11204
Exploits 0 | References 4

Cvelist
added 2026/01/05 2:34 p.m. | 38 views

CVE-2025-15029 An unauthenticated user is able to introduce SQL Injection using the Awie export module

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon Infra Monitoring Awie export modules allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04...

CVSS 9.8 | EPSS 0.11204
Exploits 0 | References 2

EUVD
added 2026/01/05 2:31 p.m. | 6 views

EUVD-2026-0848

Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie Awie import module allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0...

CVSS 9.8 | AI score 6.5 | EPSS 0.00373
Exploits 0 | References 2

OSV
added 2026/01/05 2:31 p.m. | 4 views

CVE-2025-15026 Unauthenticated configuration import allows administrative account creation using AWIE component

Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie Awie import module allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0...

CVSS 9.8 | AI score 6.9 | EPSS 0.00373
Exploits 0 | References 4

Cvelist
added 2026/01/05 2:31 p.m. | 24 views

CVE-2025-15026 Unauthenticated configuration import allows administrative account creation using AWIE component

Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie Awie import module allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0...

CVSS 9.8 | EPSS 0.00373
Exploits 0 | References 2

CVE
added 2026/01/05 2:31 p.m. | 15 views

CVE-2025-15026

CVE-2025-15026 affects Centreon Infra Monitoring, specifically the centreon-awie (Awie import module). The root cause is a missing authentication check for a critical function, allowing access to functionality not properly constrained by ACLs. Affected versions are: 25.10.0–25.10.1 (before 25.10....

CVSS 9.8 | AI score 6.6 | EPSS 0.00373
Exploits 0 | References 2 | Affected Software 1

OSV
added 2026/01/05 11:40 a.m. | 4 views

CLSA-2026-1767613214 httpd: Fix of CVE-2025-58098

CVE-2025-58098: fix mod_cgid to not pass arguments for SSI requests...

CVSS 8.3 | AI score 7.1 | EPSS 0.015
Exploits 0 | References 1

NVD
added 2026/01/05 11:17 a.m. | 10 views

CVE-2025-13056

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring Administration ACL menu configuration modules allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, fro...

CVSS 6.8 | EPSS 0.00163
Exploits 0 | References 2

OSV
added 2026/01/05 11:8 a.m. | 4 views

SUSE-SU-2026:0019-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2025-55753: Fixed mod_md ACME unintended retry intervals bsc1254511 - CVE-2025-65082: Fixed CGI environment variable override bsc1254514 - CVE-2025-58098: Fixed Server Side Includes adding query string to exec cmd=... bsc1254512 -...

CVSS 8.3 | AI score 5.8 | EPSS 0.015
Exploits 0 | References 9

OSV
added 2026/01/05 10:6 a.m. | 4 views

CVE-2025-5965 RCE via the backup feature available only to user with high privilege

In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Centreon Infra Monitoring Backup configuration in the administration setup...

CVSS 7.2 | AI score 6.8 | EPSS 0.24817
Exploits 0 | References 4

RedHat Linux
added 2026/01/05 5:19 a.m. | 3 views

mod_md: Apache HTTP Server: mod_md (ACME), unintended retry intervals

An integer overflow flaw has been discovered in the Apache HTTP server. The integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated...

CVSS 7.5 | AI score 5.8 | EPSS 0.00402
Exploits 0 | References 5

RedHat Linux
added 2026/01/05 2:1 a.m. | 1 views

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes (SSI) are enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives, an attacker may be able to inject commands executed by the server...

CVSS 8.3 | AI score 5.7 | EPSS 0.015
Exploits 0 | References 5

RedHat Linux
added 2026/01/05 2:1 a.m. | 0 views

mod_md: Apache HTTP Server: mod_md (ACME), unintended retry intervals

An integer overflow flaw has been discovered in the Apache HTTP server. The integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated...

CVSS 7.5 | AI score 5.8 | EPSS 0.00402
Exploits 0 | References 5

RedHat Linux
added 2026/01/05 1:55 a.m. | 2 views

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes (SSI) are enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives, an attacker may be able to inject commands executed by the server...

CVSS 8.3 | AI score 5.7 | EPSS 0.015
Exploits 0 | References 5

Positive Technologies
added 2026/01/05 12:0 a.m. | 8 views

PT-2026-1258

Name of the Vulnerable Software and Affected Versions Centreon Infra Monitoring versions 25.10.0 through 25.10.1 Centreon Infra Monitoring versions 24.10.0 through 24.10.14 Centreon Infra Monitoring versions 24.04.0 through 24.04.18 Description A flaw exists in the backup parameters of Centreon...

CVSS 7.2 | AI score 6.9 | EPSS 0.24817
Exploits 0 | References 8

Tenable Nessus
added 2026/01/05 12:0 a.m. | 2 views

RHEL 7 : perl (RHSA-2026:0079)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0079 advisory. Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fixes: perl: CPAN.p...

CVSS 8.1 | AI score 8 | EPSS 0.01561
Exploits 1 | References 5

Amazon
added 2026/01/05 12:0 a.m. | 6 views

Medium: grub2

Issue Overview: A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered when the network module is unloaded from memory...

CVSS 7.8 | AI score 6.6 | EPSS 0.0019
Exploits 0

Tenable Nessus
added 2026/01/05 12:0 a.m. | 3 views

RHEL 8 : httpd:2.4 (RHSA-2026:0010)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0010 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: mod_md: Apache HTTP...

CVSS 8.3 | AI score 5.7 | EPSS 0.015
Exploits 0 | References 6

Tenable Nessus
added 2026/01/05 12:0 a.m. | 4 views

RHEL 8 : httpd:2.4 (RHSA-2026:0009)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0009 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: mod_md: Apache HTTP...

CVSS 8.3 | AI score 5.7 | EPSS 0.015
Exploits 0 | References 6

Positive Technologies
added 2026/01/05 12:0 a.m. | 6 views

PT-2026-1288

Name of the Vulnerable Software and Affected Versions Centreon Infra Monitoring centreon-awie versions 25.10.0 through 25.10.1 Centreon Infra Monitoring centreon-awie versions 24.10.0 through 24.10.2 Centreon Infra Monitoring centreon-awie versions 24.04.0 through 24.04.2 Description A missing...

CVSS 9.8 | AI score 6.8 | EPSS 0.00373
Exploits 0 | References 9