CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

245 matches found

NVD•added 2026/03/11 3:15 a.m.•3 views

CVE-2026-21310

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, with limited impact to integrity. Exploitation of this issue does not require user...

5.3CVSS0.00408EPSS

Exploits0References1

ATTACKERKB•added 2026/03/11 2:19 a.m.•4 views

CVE-2026-21291

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Exploitation of this...

4.8CVSS5.8AI score0.0009EPSS

Exploits0References2

Positive Technologies•added 2026/03/11 12:0 a.m.•1 views

PT-2026-24563

5.3CVSS5.8AI score0.00408EPSS

Exploits0References2

NVD•added 2026/02/03 10:16 p.m.•2 views

CVE-2020-37080

webTareas 2.0.p8 contains a file deletion vulnerability in the printlayout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulnerability by manipulating the 'atttmp1' parameter to specify and delete files on the server through ...

9.8CVSS0.00067EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 11:51 a.m.•5 views

CVE-2009-4998

The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass...

2.6CVSS7AI score0.0016EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:49 a.m.•6 views

CVE-2009-4999

Cross-site scripting XSS vulnerability in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field...

4.3CVSS5.8AI score0.00202EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:53 a.m.•3 views

CVE-2022-33085

ESPCMS P8 was discovered to contain an authenticated remote code execution RCE vulnerability via the fetchfilename function at \espcmspublic\espcmstemplates\ESPCMSTemplates...

7.2CVSS8.2AI score0.02516EPSS

Exploits1References1