CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

601 matches found

FlatnuX CMS - Directory Traversal

A path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action. id: CVE-2012-4878 info: name: FlatnuX CMS - Directory Traversal author: daffainfo severity:...

5CVSS5.5AI score0.08761EPSS

Exploits1References5

Vulnrichment•added 2026/06/10 3:14 a.m.•5 views

CVE-2026-24719 QTS, QuTS hero

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

8.6CVSS6AI score0.00965EPSS

Exploits0References1

CNNVD•added 2026/06/10 12:0 a.m.•3 views

QNAP Systems QTS 安全漏洞

QNAP Systems QTS is a software with data storage and management capabilities developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems QTS prior to 5.2.7.3256 contained a security vulnerability. This vulnerability stemmed from command injection, which could allow remot...

9.8CVSS5.9AI score0.0029EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 6:48 p.m.•8 views

CVE-2024-47263

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive informati...

4.1CVSS5.5AI score0.00297EPSS

Exploits0References1

NVD•added 2026/05/27 9:16 a.m.•13 views

CVE-2024-47272

Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

2.7CVSS0.00249EPSS

Exploits0References1

NVD•added 2026/05/27 9:16 a.m.•6 views

CVE-2024-47270

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

2.7CVSS0.00249EPSS

Exploits0References1

NVD•added 2026/05/27 9:16 a.m.•6 views

CVE-2024-47271

Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...

4.9CVSS0.0034EPSS

Exploits0References1

NVD•added 2026/05/27 9:16 a.m.•5 views

CVE-2024-47267

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vecto...

2.7CVSS0.00325EPSS

Exploits0References1

Cvelist•added 2026/05/27 8:30 a.m.•30 views

CVE-2024-47271

4.9CVSS0.0034EPSS

Exploits0References1

ATTACKERKB•added 2026/05/27 8:30 a.m.•7 views

CVE-2024-47271

4.9CVSS5.8AI score0.0034EPSS

Exploits0References2

Vulnrichment•added 2026/05/27 8:29 a.m.•7 views

CVE-2024-47270

2.7CVSS5.8AI score0.00249EPSS

Exploits0References1

ATTACKERKB•added 2026/05/27 8:29 a.m.•5 views

CVE-2024-47269

Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...

4.9CVSS5.8AI score0.0023EPSS

Exploits0References2

Vulnrichment•added 2026/05/27 8:29 a.m.•8 views

CVE-2024-47268

Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...

4.9CVSS5.8AI score0.0034EPSS

Exploits0References1

Positive Technologies•added 2026/05/27 12:0 a.m.•9 views

PT-2026-43583

2.7CVSS5.8AI score0.00249EPSS

Exploits0References2

CNNVD•added 2026/05/27 12:0 a.m.•6 views

Synology Surveillance Station 安全漏洞

Synology Surveillance Station is an application developed by Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. There are security vulnerabilities in versions of Synology Surveillance Station prior to 9.2.2.2-11575 and...

2.7CVSS5.8AI score0.00249EPSS

Exploits0References1

CNNVD•added 2026/05/27 12:0 a.m.•6 views

Mattermost Plugins 安全漏洞

Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions of Mattermost Plugins 1.1.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed...

8CVSS6AI score0.0029EPSS

Exploits0References1

Positive Technologies•added 2026/03/24 12:0 a.m.•4 views

PT-2026-27382

Exposure of session signing secret in Checkmk 2.4.0p23, 2.3.0p45 and 2.2.0 allows an administrator of a remote site with config sync enabled to hijack sessions on the central site by forging session cookies...

7.3CVSS5.8AI score0.00334EPSS

Exploits0References2

CNNVD•added 2026/03/24 12:0 a.m.•3 views

Checkmk 安全漏洞

Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.4.0p23, 2.3.0p45, and 2.2.0 contain security vulnerabilities. These vulnerabilities stem from the exposure of session signing keys, which could allow remote site administrators to forge session...

7.3CVSS5.8AI score0.00334EPSS

Exploits0References1

VulnCheck KEV•added 2026/02/17 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-7694

ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server...

7.2CVSS6.1AI score0.01807EPSS

In wildExploits0References2

RedhatCVE•added 2025/11/01 12:4 p.m.•23 views

CVE-2025-40603

A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data...

4.5CVSS6.2AI score0.00381EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by