CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

83 matches found

RedhatCVE•added 2026/05/29 8:13 p.m.•13 views

CVE-2026-20182

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show...

10CVSS6.1AI score0.83838EPSS

Exploits4References1

CVE•added 2026/05/11 4:2 p.m.•12 views

CVE-2026-33356

CVE-2026-33356 affects Meari IoT Cloud MQTT Broker deployments using EMQX 4.x. The issue is that authenticated low-privilege users can subscribe to global wildcard topics and access telemetry from devices they don’t own, because subscribe authorization is not enforced at per-device scope, while p...

7.7CVSS5.8AI score0.00012EPSS

Exploits0References2

NVD•added 2026/03/04 5:16 p.m.•3 views

CVE-2026-28783

Craft is a content management system CMS. Prior to 5.9.0-beta.1 and 4.17.0-beta.1, Craft CMS implements a blocklist to prevent potentially dangerous PHP functions from being called via Twig non-Closure arrow functions. In order to be able to successfully execute this attack, you need to either ha...

9.4CVSS0.00036EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 8:56 a.m.•2 views

CVE-2023-40056

SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account...

8.8CVSS7.9AI score0.00073EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:32 a.m.•3 views

CVE-2019-16387

PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/randomtoken/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchemaListDatabases request while using a low-privilege account. This can perform actions and retrieve data that only an administrator should have access to. NOTE: The vendor states that...

8.1CVSS7AI score0.00283EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:31 a.m.•4 views

CVE-2019-16388

PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/randomtoken/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and th...

4.3CVSS6.5AI score0.0024EPSS

Exploits1References1

OSV•added 2025/11/05 5:15 p.m.•3 views

CVE-2025-20289

Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

5.4CVSS6.1AI score

Exploits0References1

NVD•added 2025/11/05 5:15 p.m.•3 views

CVE-2025-20289

5.4CVSS0.00051EPSS

Exploits0References1

EUVD•added 2025/11/05 4:33 p.m.•5 views

EUVD-2025-37882

5.4CVSS6.3AI score0.00043EPSS

Exploits0References2

Vulnrichment•added 2025/11/05 4:32 p.m.•2 views

CVE-2025-20289

4.8CVSS6.5AI score0.00051EPSS

Exploits0References1

RedhatCVE•added 2025/10/22 12:11 a.m.•3 views

CVE-2025-60506

Moodle PDF Annotator plugin v1.5 release 9 allows stored cross-site scripting XSS via the Public Comments feature. An attacker with a low-privileged account e.g., Student can inject arbitrary JavaScript payloads into a comment. When any other user Student, Teacher, or Admin views the annotated PD...

5.4CVSS5.9AI score0.00024EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-2654

Malware in sbrugna...

9.9CVSS8.9AI score0.00171EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-23932

Malware in sbrugna...

9.3CVSS8.1AI score0.0024EPSS

Exploits1References3

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-4532