CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4512 matches found

Tenable Nessus•added 2026/01/13 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-0878

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7,...

8CVSS5.8AI score0.00288EPSS

Exploits0References2

Tenable Nessus•added 2026/01/13 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-0890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and...

5.4CVSS5.8AI score0.00261EPSS

Exploits0References2

Tenable Nessus•added 2026/01/12 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-22250

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability ...

5.5CVSS5.8AI score0.00134EPSS

Exploits0References3

Vulnrichment•added 2026/01/08 2:0 p.m.•4 views

CVE-2026-21891 ZimaOS has Authentication Bypass via System-Level Username

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application checks the validity of the username but appears to skip, misinterpret, or incorrectly validate the password when the provided username matches a...

9.4CVSS6.4AI score0.02169EPSS

Exploits1References1

Cvelist•added 2026/01/08 2:0 p.m.•21 views

CVE-2026-21891 ZimaOS has Authentication Bypass via System-Level Username

9.4CVSS0.02169EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:14 a.m.•6 views

CVE-2024-2731

Users with low privileges all permissions deselected in the administrator permissions settings can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users c...

5.4CVSS6.6AI score0.00375EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:12 a.m.•4 views

CVE-2024-2730

Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. At the time of publication of the CVE no patch is available...

5.3CVSS7.1AI score0.00513EPSS

Exploits0References1

Tenable Nessus•added 2026/01/07 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2025-13034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using CURLOPTPINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool,curl should check the public key of the server certificate to verify...

5.9CVSS6.7AI score0.00227EPSS

Exploits0References3

Positive Technologies•added 2026/01/06 12:0 a.m.•8 views

PT-2026-1521

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-713RE version 1.02 Description A flaw exists in TRENDnet TEW-713RE that allows for remote operating system command injection. The issue is located in the /goformX/formFSrvX file, specifically through manipulation of the SZCMD...

10CVSS9.6AI score0.12113EPSS

Exploits1References18

Tenable Nessus•added 2026/01/05 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2023-54203

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix slab-out-of-bounds in initsmb2rsphdr When smb1 mount fails, KASAN detect slab-out-of-bounds in initsmb2rsphdr like the following one. For smb1...

5.8AI score0.00168EPSS

Exploits0References2

RedhatCVE•added 2026/01/03 6:59 p.m.•6 views

CVE-2026-21432

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available...

8.2CVSS6.1AI score0.00162EPSS

Exploits1References1

NVD•added 2026/01/02 7:15 p.m.•2 views

CVE-2026-21431

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the Resource media library function while publishing an article. As of time of publication, no known patched versions are available...

5.4CVSS0.00162EPSS

Exploits1References1

OSV•added 2026/01/02 6:44 p.m.•3 views

CVE-2026-21430 Emlog: CSRF chained with stored XSS leads to ATO

Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery CSRF. This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site...

8.3CVSS6.5AI score0.00151EPSS

Exploits1References3

NVD•added 2026/01/02 6:15 p.m.•4 views

CVE-2026-21429

Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...

5.1CVSS0.00204EPSS

Exploits1References1

Vulnrichment•added 2026/01/02 5:23 p.m.•4 views

CVE-2026-21429 Emlog has Broken Access Control (BAC)

5.1CVSS6.4AI score0.00204EPSS

Exploits1References1

Positive Technologies•added 2026/01/02 12:0 a.m.•7 views

PT-2026-1113

Name of the Vulnerable Software and Affected Versions Emlog version 2.5.23 Description Emlog is a website building system. In version 2.5.23, administrators can configure controls that prevent users from editing or deleting their articles after they are published. No patched versions are currentl...

5.1CVSS6.5AI score0.00204EPSS

Exploits1References4

Positive Technologies•added 2026/01/02 12:0 a.m.•6 views

PT-2026-1055

Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description A flaw exists in Yonyou KSOA 9.0 that allows for remote code execution. The issue stems from a SQL injection point within an unknown function in the /kp/PrintZPYG.jsp file. Specifically, manipulating the...

9.8CVSS8.4AI score0.00345EPSS

Exploits1References10

Tenable Nessus•added 2025/12/31 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2023-54300

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: ath9k: avoid referencing uninit memory in ath9kwmictrlrx For the reasons also described in commit b383e8abed41 wifi: ath9k: avoid uninit memory read in...

6.1AI score0.00195EPSS

Exploits0References3

Tenable Nessus•added 2025/12/31 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2023-54218

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: Fix load-tearing on sk-skstamp in sockrecvcmsgs. KCSAN found a data race in sockrecvcmsgs where the read access to sk-skstamp needs READONCE. BUG: KCSAN:...

6.1AI score0.00177EPSS

Exploits0References3

Tenable Nessus•added 2025/12/31 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2023-54176

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mptcp: stricter state check in mptcpworker As reported by Christoph, the mptcp protocol can run the worker when the relevant msk socket is in an unexpected stat...

5.8AI score0.00168EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by