CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 6 days ago•31 views

CVE-2026-44962

Plesk: XPath injection in the APS Application Catalog search allows authenticated, low-privileged users to cause local privilege escalation by interpolating unsanitized input into XPath queries. Affected: Plesk APS Catalog search component. Root cause: inadequate input sanitization for XPath. Imp...

Vulnrichment•added 6 days ago•5 views

CVE-2026-44962

ATTACKERKB•added 6 days ago•5 views

CVE-2026-44962

Exploits0References2Affected Software1

EUVD•added 6 days ago•6 views

EUVD-2026-33344

Cvelist•added 6 days ago•24 views

CVE-2026-44962

9.9CVSS0.00035EPSS

CNNVD•added 6 days ago•4 views

Plesk 安全漏洞

Plesk is a web hosting control panel developed by the Swiss company Plesk. There is a security vulnerability in Plesk, which stems from XPath injection in the APS application directory search function. User input that is not properly cleaned and directly inserted into the XPath query could allow...

Positive Technologies•added 6 days ago•5 views

PT-2026-44902

Name of the Vulnerable Software and Affected Versions Plesk versions prior to 18.0.76.2 Plesk versions prior to 18.0.75.1 Description An XPath injection issue exists in the APS Application Catalog search functionality. This occurs because user-supplied input is interpolated into XPath queries...

RedhatCVE•added 2026/01/09 12:40 p.m.•1 views

Exploits0References8

CVE-2023-43784

Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat...

7.5CVSS6.9AI score0.00152EPSS

NVD•added 2026/01/08 7:15 p.m.•3 views

CVE-2025-65518

Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service DoS condition. The vulnerability exists in the getpassword.php endpoint, where a crafted request containing a malicious payload can cause the affected web interface to continuously reload, rendering the service...

7.5CVSS0.0006EPSS

OSV•added 2026/01/08 7:15 p.m.•2 views

CVE-2025-65518

7.5CVSS5.8AI score0.0006EPSS

Vulnrichment•added 2026/01/08 12:0 a.m.•1 views

CVE-2025-65518

6.4AI score0.0006EPSS

CNNVD•added 2026/01/08 12:0 a.m.•3 views

Plesk Obsidian 安全漏洞

Plesk Obsidian is a hosting control panel from the Swiss company Plesk. A security vulnerability exists in Plesk Obsidian versions 8.0.1 through 18.0.73, which stems from improper handling of malicious loads in the file getpassword.php, which could lead to a denial of service attack...

7.5CVSS6.5AI score0.0006EPSS

Cvelist•added 2026/01/08 12:0 a.m.•18 views

CVE-2025-65518

0.0006EPSS

Positive Technologies•added 2026/01/08 12:0 a.m.•2 views

PT-2026-1848

Name of the Vulnerable Software and Affected Versions Plesk Obsidian versions 8.0.1 through 18.0.73 Description Plesk Obsidian versions 8.0.1 through 18.0.73 are susceptible to a Denial of Service DoS condition. The issue resides in the get password.php API endpoint, where a specifically crafted...

7.5CVSS6.7AI score0.0006EPSS

Exploits0References7

CVE•added 2026/01/08 12:0 a.m.•9 views

CVE-2025-65518

Plesk Obsidian (versions 8.0.1 to 18.0.73) is affected by a Denial of Service in the get_password.php endpoint. A crafted, malicious request can cause the web interface to continuously reload, rendering the service unavailable to legitimate users. Exploitation is remote and does not require authe...

7.5CVSS6.4AI score0.0006EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2025/12/17 8:7 a.m.•2 views

CVE-2025-66430

Plesk 18.0 has Incorrect Access Control...

9.1CVSS7AI score0.00043EPSS

EUVD•added 2025/12/12 6:30 p.m.•2 views

EUVD-2025-203102

Plesk 18.0 has Incorrect Access Control...

9.1CVSS6.5AI score0.00043EPSS