CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

428 matches found

CVE-2026-7312

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600 to 15.4.8630 allows a remote unauthenticated attacker to...

10CVSS5.8AI score0.00032EPSS

Exploits0References1

RedhatCVE•added yesterday•2 views

CVE-2026-7195

CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to...

8.8CVSS5.8AI score0.00053EPSS

Exploits0References1

RedHat Linux•added 2 days ago•5 views

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

8.1CVSS6AI score0.00034EPSS

Exploits0References7

NVD•added 2 days ago•5 views

CVE-2026-7195

8.8CVSS0.00053EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•6 views

CVE-2026-7312

10CVSS5.8AI score0.00032EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2 days ago•4 views

CVE-2026-7312 CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity

10CVSS5.8AI score0.00032EPSS

Exploits0References1

EUVD•added 2 days ago•6 views

EUVD-2026-33918

10CVSS5.8AI score0.00084EPSS

Exploits0References1

Positive Technologies•added 2 days ago•5 views

PT-2026-45762

Name of the Vulnerable Software and Affected Versions Progress Sitefinity versions 14.0.7700 through 14.4.8152 Progress Sitefinity versions 15.0.8200 through 15.0.8234 Progress Sitefinity versions 15.1.8300 through 15.1.8335 Progress Sitefinity versions 15.2.8400 through 15.2.8441 Progress...

10CVSS5.8AI score0.00032EPSS

Exploits0References4

Positive Technologies•added 2 days ago•6 views

PT-2026-45763

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used connect to Sitefinity Insight service. Successful exploitation requires active integration with...

8.7CVSS5.8AI score0.00035EPSS

Exploits0References2

Positive Technologies•added 2 days ago•7 views

PT-2026-45759

8.8CVSS5.8AI score0.00053EPSS

Exploits0References2

NVD•added 2026/05/25 7:16 a.m.•8 views

CVE-2026-25193

Insertion of Sensitive Information into Log File CWE-532 in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account not the default Network Service account are...

8.1CVSS0.00013EPSS

Exploits0References1

Tenable Nessus•added 2026/05/22 12:0 a.m.•4 views

Unity Linux 20.1070e Security Update: log4j (UTSA-2026-016725)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016725 advisory. It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non- default configurations. This could allows attackers with...

10CVSS7.6AI score0.94358EPSS

Exploits343References4

Tenable Nessus•added 2026/05/22 12:0 a.m.•4 views

Unity Linux 20.1060e / 20.1070e Security Update: lighttpd (UTSA-2026-016637)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016637 advisory. In lighttpd 1.4.46 through 1.4.63, the modextforwardForwarded function of the modextforward plugin has a stack-based buffer overflow 4 bytes representing -1, as...

5.9CVSS6.6AI score0.01488EPSS

Exploits1References4

RedHat Linux•added 2026/05/19 6:37 p.m.•5 views

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

8.1CVSS6AI score0.00034EPSS

Exploits0References7

SUSE CVE•added 2026/05/19 1:51 a.m.•9 views

SUSE CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

9.8CVSS5.7AI score0.00012EPSS

Exploits0References3

OSV•added 2026/05/13 4:16 p.m.•2 views

DEBIAN-CVE-2026-42266

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...

8.8CVSS5.8AI score0.00029EPSS

Exploits0References1

EUVD•added 2026/05/08 9:40 p.m.•7 views

EUVD-2026-28838

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both setretainedmessagedefertimeout and setretainedmessagedefertimeoutspread are configured to non-default values,...

6.5CVSS5.8AI score0.00116EPSS

Exploits0References4