
10 matches found

RedhatCVE
added 2026/04/10 7:7 a.m., 3 views

CVE-2026-32990

A flaw was found in Apache Tomcat. This improper input validation vulnerability stems from an incomplete fix for a previous security issue CVE-2025-66614. This flaw may allow an attacker to bypass security controls or cause unexpected behavior within the application. Mitigation Mitigation for thi...

CVSS 7.3 | AI score 6.5 | EPSS 0.00208
Exploits: 0 | References: 4
RedhatCVE
added 2026/03/26 3:2 p.m., 2 views

CVE-2026-32968

Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the commb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383...

CVSS 9.8 | AI score 7.3 | EPSS 0.02486
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/27 1:32 p.m., 3 views

CVE-2025-10990

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component...

CVSS 8.7 | AI score 5.9 | EPSS 0.01645
Exploits: 0 | References: 6
NVD
added 2025/08/25 6:15 p.m., 3 views

CVE-2025-57811

Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI (Server-Side Template Injection). This is a follow-up to CVE-2024-52293. This vulnerability has been patched in...

CVSS 8.6 | EPSS 0.00227
Exploits: 0 | References: 3
AlpineLinux
added 2025/07/25 3:15 a.m., 3 views

CVE-2025-54566

hw/pci/pciesriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327...

CVSS 5.4 | AI score 7.1 | EPSS 0.00162
Exploits: 0 | References: 1
OSV
added 2024/12/06 3:23 p.m., 2 views

OESA-2024-2506 golang security update

Security Fixes: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. (CVE-2024-34156)...

CVSS 7.5 | AI score 6.9 | EPSS 0.00298
Exploits: 0 | References: 2
SUSE CVE
added 2024/10/03 3:51 a.m., 2 views

SUSE CVE-2021-37577

Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the-middle attacker to identify the Passkey used during pairing by reflection of a crafted public key...

CVSS 6.8 | AI score 7.1 | EPSS 0.00049
Exploits: 0 | References: 3
OSV
added 2024/02/14 5:15 p.m., 1 view

CVE-2024-21782

BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873...

CVSS 6.7 | AI score 6 | EPSS 0.00069
Exploits: 0 | References: 1
ATTACKERKB
added 2022/02/19 2:15 a.m., 2 views

CVE-2022-25365

Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774...

CVSS 7.8 | AI score 6.9 | EPSS 0.01409
Exploits: 1 | References: 3
OSV
added 2016/04/21 11:0 a.m., 1 view

CVE-2016-2004

HPE Data Protector before 7.03108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623...

CVSS 9.8 | AI score 6.1
Exploits: 0 | References: 7