CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

626 matches found

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ASoC: kirkwood – Fixed potential NULL dereferencing issues. In kirkwooddmahwparams, mvmbusdraminfo returns NULL if the CONFIGPLATORION macro is not defined. This bug has been fixed by adding a NULL check. Identified by the Linux...

4.4CVSS6AI score0.00024EPSS

Exploits0References2

Nuclei•added 2026/04/21 6:0 a.m.•53 views

SolarWinds Orion API - Auth Bypass

SolarWinds Orion API is vulnerable to an authentication bypass vulnerability that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance...

9.8CVSS7.7AI score0.94345EPSS

Exploits3References5

OSSF Malicious Packages•added 2026/02/27 12:4 p.m.•4 views

Malicious code in @zinley/orion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb5209e6394eac2659ab3101809c2a59bf59a604346075a9d923de21d982812e The package @zinley/orion was found to contain malicious code. Source: ossf-package-analysis...

5.9AI score

Exploits0

OSV•added 2026/02/27 12:4 p.m.•1 views

MAL-2026-1060 Malicious code in @zinley/orion (npm)

5.9AI score

Exploits0

The Hacker News•added 2026/01/09 9:11 a.m.•7 views

CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday said it's retiring 10 emergency directives Eds that were issued between 2019 and 2024. The list of the directives now considered closed is as follows - ED 19-01: Mitigate DNS Infrastructure Tampering ED 20-02: Mitigate...

6.8AI score

Exploits0

RedhatCVE•added 2026/01/09 8:53 a.m.•3 views

CVE-2021-27258

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The issue results from improper...

9.8CVSS7.1AI score0.08643EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:53 a.m.•3 views

CVE-2021-27277

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...

7.8CVSS7.2AI score0.02208EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:50 a.m.•6 views

CVE-2021-31475

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2. Authentication is required to exploit this vulnerability. The specific flaw exists within the JobRouterService WCF service. The issue is due to the WCF...

9CVSS7.3AI score0.10819EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:28 a.m.•7 views

CVE-2019-12864

SolarWinds Orion Platform 2018.4 HF3 NPM 12.4, NetPath 1.1.4 is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us=false query parameter...

5.5CVSS6.9AI score0.00223EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:27 a.m.•5 views

CVE-2019-12954

SolarWinds Network Performance Monitor Orion Platform 2018, NPM 12.3, NetPath 1.1.3 allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT...

5.4CVSS5.9AI score0.02887EPSS

Exploits1References1

RedhatCVE•added 2025/12/02 6:3 a.m.•2 views

CVE-2025-13809

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...

6.5CVSS6.3AI score0.00034EPSS

Exploits1References1

RedhatCVE•added 2025/12/02 5:24 a.m.•4 views

CVE-2025-13807

A vulnerability was detected in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected is the function MachineKeyController of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineKeyController.java of the component API. The manipulation result...

5.3CVSS6.6AI score0.00032EPSS

Exploits1References1

OSV•added 2025/12/01 6:15 a.m.•0 views

CVE-2025-13809

6.5CVSS5.3AI score

Exploits0References5

NVD•added 2025/12/01 6:15 a.m.•1 views

CVE-2025-13809

6.5CVSS0.00034EPSS

Exploits1References5

Vulnrichment•added 2025/12/01 5:32 a.m.•2 views

CVE-2025-13809 orionsec orion-ops SSH Connection MachineInfoController.java server-side request forgery

6.5CVSS6.1AI score0.00034EPSS

Exploits1References5

Cvelist•added 2025/12/01 5:32 a.m.•7 views

CVE-2025-13809 orionsec orion-ops SSH Connection MachineInfoController.java server-side request forgery

6.5CVSS0.00034EPSS

Exploits1References5

OSV•added 2025/12/01 5:16 a.m.•0 views

CVE-2025-13808

A flaw has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this vulnerability is the function update of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/UserController.java of the component User Profile Handler. This...

8.8CVSS5.3AI score0.00049EPSS

Exploits1References5

NVD•added 2025/12/01 5:16 a.m.•1 views

CVE-2025-13807

5.3CVSS0.00032EPSS

Exploits1References5

OSV•added 2025/12/01 5:16 a.m.•0 views

CVE-2025-13807

4.3CVSS5.4AI score

Exploits0References5