65 matches found
EUVD-2020-19109
Malware in sbrugna...
EUVD-2023-54327
Malicious code in bioql PyPI...
CVE-2020-26806
admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code...
CVE-2020-26564
ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have !ENTITY content, create a .xml file for a generic survey template containing a link to this .css file, and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey'importFile'...
CVE-2020-26565
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data...
CVE-2020-26563
ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. There is also stored XSS if input to survey/admin/.do is accepted from untrusted users...
CVE-2023-4472
Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator PRNG coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application...
CVE-2023-4472
Objectplanet Opinio 7.22 and earlier are affected by a cryptographically weak PRNG with a predictable seed, enabling unauthenticated takeover of any user’s account. Root cause: weak PRNG in Opinio’s code path. Impact: high confidentiality, integrity, and availability risk via network attack; no u...
Objectplanet Opinio Security Vulnerability
ObjectPlanet Opinio is an online survey system from ObjectPlanet Norway. A security vulnerability exists in Objectplanet Opinio 7.22 and earlier versions, which stems from its use of a cryptographically weak pseudo-random number generator PRNG with predictable seeding, which could lead to the...
PT-2024-13199 · Objectplanet · Objectplanet Opinio
Name of the Vulnerable Software and Affected Versions: Objectplanet Opinio versions 7.22 and prior Description: The issue is related to the use of a cryptographically weak pseudo-random number generator PRNG coupled to a predictable seed, which could lead to an unauthenticated account takeover of...
Design/Logic Flaw
admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code...
Design/Logic Flaw
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data...
Code injection
ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have !ENTITY content, create a .xml file for a generic survey template containing a link to this .css file, and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey'importFile'...
CVE-2020-26565
ObjectPlanet Opinio before 7.14 is vulnerable to an Expression Language Injection via the admin/permissionList.do parameter, allowing retrieval of potentially sensitive serverInfo data. The issue affects Opinio versions prior to 7.14; remediation is upgrading to 7.14 or later. PoCs and public wri...
CVE-2020-26564
ObjectPlanet Opinio is affected by XXE in versions before 7.15. The vulnerability arises from a sequence where an attacker modifies a CSS file to include an ENTITY, creates an XML that references that CSS, and imports the XML via the survey admin interface, enabling an XXE that can be triggered d...
CVE-2020-26806
ObjectPlanet Opinio is affected by CVE-2020-26806 in versions before 7.15. The vulnerability allows Unrestricted File Upload of executable JSP files via admin/file.do, enabling remote code execution because filePath can be traversed and fileContent can contain JSP. The issue is demonstrated as an...