Lucene search

87255 matches found

GithubExploit
added 2026/05/30 11:44 a.m. | 83 views

Exploit for CVE-2026-43494

SLEY — PinTheft PoC CVE-2026-43494 Proof o...

CVSS 7.8 | AI score 5.9 | EPSS 0.00013
Exploits: 2

IBM Security Bulletins
added 2026/05/30 10:45 a.m. | 12 views

Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager is vulnerable to Buffer overflow in OMR

Summary: There is a buffer overflow vulnerability in OMR that allows denial-of-service in IBM® SDK Java™ Technology Edition used by IBM Tivoli Application Dependency Discovery Manager (TADDM). Vulnerability Details: CVEID: CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release...

CVSS 9.8 | AI score 7.6 | EPSS 0.00025
Exploits: 0 | Affected Software: 1

GithubExploit
added 2026/05/30 9:4 a.m. | 89 views

Exploit for Reliance on Cookies without Validation and Integrity Checking in Paloaltonetworks Pan-Os

🚨 CVE-2026-0257 - Authentication Bypass Vulnerabilities...

CVSS 9.1 | AI score 6 | EPSS 0.58788
Exploits: 7

IBM Security Bulletins
added 2026/05/30 8:58 a.m. | 16 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in Lodash and Lodash-es (CVE-2025-13465)

Summary: A prototype pollution vulnerability in the Lodash and Lodash-es libraries (CVE-2025-13465) used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading to version 4.18.0. Vulnerability Details: CVEID: CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are...

CVSS 7.9 | AI score 6.6 | EPSS 0.00028
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/05/30 8:58 a.m. | 9 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in Next.js (CVE-2025-48068)

Summary: A vulnerability involving cross-site WebSocket hijacking in the Next.js framework (CVE-2025-48068) used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading to version 15.5.15. Vulnerability Details: CVEID: CVE-2025-48068 DESCRIPTION: Next.js is a React framework for buildin...

CVSS 4.3 | AI score 5.8 | EPSS 0.00101
Exploits: 0 | Affected Software: 1

GithubExploit
added 2026/05/30 6:57 a.m. | 51 views

Exploit for CVE-2025-5947

CVE-2025-5947 CVE-2025-5947 WordPress Service Finder Bookings...

CVSS 9.8 | AI score 5.8 | EPSS 0.61701
Exploits: 2

GithubExploit
added 2026/05/30 4:51 a.m. | 80 views

Exploit for SQL Injection in Litellm

CVE-2026-42208 — LiteLLM Pre-Authentication SQL Injection A l...

CVSS 9.8 | AI score 6.1 | EPSS 0.6259
Exploits: 5

Nuclei
added 18 hours ago | 156 views

ManageEngine OpManager - Directory Traversal

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. id: CVE-2023-47211 info: name: ManageEngine...

CVSS 9.1 | AI score 7.9 | EPSS 0.7615
Exploits: 1 | References: 3

Nuclei
added 18 hours ago | 46 views

OpenCMS 14 & 15 - Cross Site Scripting

Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. id: CVE-2023-6379 info: name: OpenCMS 14 & 15 - Cross Site Scripting author: msegoviag severity: medium description: | Cross-site scripting (XSS) vulnerability in Alkacon...

CVSS 6.1 | AI score 6.2 | EPSS 0.18616
Exploits: 0 | References: 5

Nuclei
added yesterday | 54 views

pyload - Log Injection

A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. id: CVE-2024-21645 info: name: pyload - Log Injection author: isacaya severity: medium description: | A log injection...

CVSS 5.3 | AI score 6 | EPSS 0.69097
Exploits: 1 | References: 3

Nuclei
added 18 hours ago | 45 views

Linksys E2000 1.0.06 position.js Improper Authentication

Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file. id: CVE-2024-27497 info: name: Linksys E2000 1.0.06 position.js Improper Authentication author: DhiyaneshDk severity: high description: | Linksys E2000 Ver.1.0.06 build 1 is vulnerable to...

CVSS 8.8 | AI score 7.8 | EPSS 0.81918
Exploits: 0 | References: 4

Nuclei
added 18 hours ago | 31 views

SquirrelMail 1.4.x - Folder Name Cross-Site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. id: CVE-2004-0519 info: name: SquirrelMail 1.4.x -...

CVSS 6.8 | AI score 5.7 | EPSS 0.00189
Exploits: 1 | References: 5

Nuclei
added 18 hours ago | 19 views

Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS

Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to...

CVSS 4.3 | AI score 5.4 | EPSS 0.00265
Exploits: 3 | References: 5

Nuclei
added 18 hours ago | 27 views

Cofax <=2.0RC3 - Cross-Site Scripting

Cofax 2.0 RC3 and earlier contains a cross-site scripting vulnerability in search.htm which allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. id: CVE-2005-4385 info: name: Cofax <=2.0RC3 - Cross-Site Scripting author: geeknik severity: medium descriptio...

CVSS 4.3 | AI score 5.4 | EPSS 0.00274
Exploits: 0 | References: 4

Nuclei
added 18 hours ago | 32 views

Horde Groupware Unauthenticated Admin Access

Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access. id: CVE-2005-3344 info: name: Horde Groupware Unauthenticated Admin Access author: pikpikcu severity: critical description: Horde Groupware contains an administrative account wi...

CVSS 10 | AI score 5.5 | EPSS 0.1015
Exploits: 0 | References: 5

Nuclei
added 18 hours ago | 77 views

SAP Web Application Server 6.x/7.0 - Open Redirect

frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. id: CVE-2005-3634 info: name: SAP Web...

CVSS 5 | AI score 5.7 | EPSS 0.01653
Exploits: 1 | References: 6

Nuclei
added 18 hours ago | 39 views

Cherokee HTTPD <=0.5 - Cross-Site Scripting

Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. id: CVE-2006-1681 info:...

CVSS 4.3 | AI score 5.4 | EPSS 0.0041
Exploits: 1 | References: 4

Nuclei
added 18 hours ago | 28 views

Jira Rainbow.Zen - Cross-Site Scripting

Jira Rainbow.Zen contains a cross-site scripting vulnerability via Jira/secure/BrowseProject.jspa which allows remote attackers to inject arbitrary web script or HTML via the id parameter. id: CVE-2007-0885 info: name: Jira Rainbow.Zen - Cross-Site Scripting author: geeknik severity: medium...

CVSS 6.8 | AI score 5.4 | EPSS 0.01595
Exploits: 0 | References: 3

Nuclei
added 18 hours ago | 28 views

OpenSymphony XWork/Apache Struts2 - Remote Code Execution

Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service infini...

CVSS 6.8 | AI score 6 | EPSS 0.02109
Exploits: 0 | References: 5

Nuclei
added 2 days ago | 477 views

Javafaces LFI

An Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware...

CVSS 5 | AI score 5.5 | EPSS 0.86817
Exploits: 0 | References: 5