CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

341 matches found

Tenable Nessus•added 2026/04/08 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2026-22675

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary...

6.1CVSS6.1AI score0.00062EPSS

Exploits0References3

RedhatCVE•added 2026/04/07 11:1 p.m.•1 views

CVE-2026-22675

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

6.1CVSS6AI score0.00062EPSS

Exploits0References1

NVD•added 2026/04/06 10:16 p.m.•0 views

CVE-2026-22675

6.1CVSS0.00062EPSS

Exploits0References3

OSV•added 2026/04/06 10:16 p.m.•0 views

DEBIAN-CVE-2026-22675

6.1CVSS6AI score0.00062EPSS

Exploits0References1

UbuntuCve•added 2026/04/06 10:16 p.m.•0 views

CVE-2026-22675

6.1CVSS6AI score0.00062EPSS

Exploits0References4

ATTACKERKB•added 2026/04/06 9:19 p.m.•2 views

CVE-2026-22675

6.1CVSS6AI score0.00062EPSS

Exploits0References4

CVE•added 2026/04/06 9:19 p.m.•7 views

CVE-2026-22675

OCS Inventory NG Server (versions up to 2.12.3) is affected by a stored XSS in the User-Agent header submitted to the /ocsinventory endpoint. The issue stems from improper sanitization/encoding when rendering user-supplied User-Agent values in the statistics dashboard, enabling arbitrary JavaScri...

6.1CVSS6.2AI score0.00062EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/04/06 9:19 p.m.•18 views

CVE-2026-22675 OCS Inventory NG Server Stored XSS via User-Agent

5.4CVSS0.00062EPSS

Exploits0References3

NVD•added 2025/12/19 9:15 p.m.•1 views

CVE-2023-53947

OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges...

8.5CVSS0.00015EPSS

Exploits0References3

OSV•added 2025/12/19 9:15 p.m.•1 views

CVE-2023-53947

8.5CVSS5.9AI score

Exploits0References3

CVE•added 2025/12/19 9:5 p.m.•6 views

CVE-2023-53947

OCS Inventory NG 2.3.0.0 is affected by an unquoted service path vulnerability that enables local privilege escalation. An attacker can place a malicious executable in the unquoted service path and trigger a restart to execute code with SYSTEM privileges. Multiple connected sources corroborate th...

8.5CVSS7AI score0.00015EPSS

Exploits0References3

Vulnrichment•added 2025/12/19 9:5 p.m.•1 views

CVE-2023-53947 OCS Inventory NG 2.3.0.0 Unquoted Service Path Privilege Escalation

8.5CVSS7AI score0.00015EPSS

Exploits0References3

Cvelist•added 2025/12/19 9:5 p.m.•19 views

CVE-2023-53947 OCS Inventory NG 2.3.0.0 Unquoted Service Path Privilege Escalation

8.5CVSS0.00015EPSS

Exploits0References3

Positive Technologies•added 2025/12/19 12:0 a.m.•1 views

PT-2025-52518

Name of the Vulnerable Software and Affected Versions OCS Inventory NG version 2.3.0.0 Description The software contains an unquoted service path vulnerability. This allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service...

8.5CVSS7.1AI score0.00015EPSS

Exploits0References6

CNNVD•added 2025/12/19 12:0 a.m.•2 views

OCS Inventory NG 代码问题漏洞

OCS Inventory NG is an open source IT asset management solution. A code issue vulnerability exists in OCS Inventory NG version 2.3.0.0, which stems from unquoted service paths and could lead to elevation of privilege...

8.5CVSS6.9AI score0.00015EPSS

Exploits0References4