CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

203 matches found

Positive Technologies•added 2026/05/29 12:0 a.m.•9 views

PT-2026-44817

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS6.1AI score0.00306EPSS

Exploits0References2

EUVD•added 2026/03/19 6:31 p.m.•2 views

EUVD-2025-208887

A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the logtype parameter to /logsave.htm...

6AI score0.00064EPSS

Exploits0References4

Tenable Nessus•added 2026/01/16 12:0 a.m.•9 views

MiracleLinux 7 : rh-mariadb101-mariadb-10.1.19-6.el7 (AXSA:2016-1178:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-1178:02 advisory. MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation...

10CVSS8.2AI score0.89577EPSS

Exploits20References8

Tenable Nessus•added 2026/01/14 12:0 a.m.•2 views

MiracleLinux 3 : postgresql-8.1.18-2.1.1AXS3 (AXSA:2009-415:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-415:01 advisory. PostgreSQL is an advanced Object-Relational database management system DBMS that supports almost all SQL constructs including transactions, subselect...

6.5CVSS8AI score0.09096EPSS

Exploits2References3

RedhatCVE•added 2026/01/09 11:50 a.m.•5 views

CVE-2009-4438

The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a 1 sequence or 2 global-variable object, which allows remote authenticated users to make use of data via unspecified vectors...

6.5CVSS6.4AI score0.01007EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:2 a.m.•8 views

CVE-2007-4309

IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini 1 KFMShowEntropy and 2 DebugOutfile debug variables, a different vulnerability than CVE-2005-2696...

5CVSS6.3AI score0.00238EPSS

Exploits7References1

RedhatCVE•added 2026/01/09 9:32 a.m.•3 views

CVE-2023-25609

A server-side request forgery SSRF vulnerability CWE-918 in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests...

6.5CVSS6.9AI score0.00211EPSS

Exploits0References1

CVE•added 2025/12/04 2:20 p.m.•11 views

CVE-2024-5401

CVE-2024-5401 affects Synology DiskStation Manager (DSM) WebAPI and Synology Unified Controller (DSMUC). The vulnerability is described as an improper control of dynamically-managed code resources in the WebAPI component, allowing remote authenticated users to obtain privileges without consent vi...

8.8CVSS6.6AI score0.00054EPSS

Exploits0References1Affected Software2