271 matches found
EUVD-2026-28849
Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow .github/workflows/pr-docker-build.yml allows any unauthenticated user to execute arbitrary code during the Docker build process and exfiltrate a...
PT-2026-35057
Name of the Vulnerable Software and Affected Versions: Skim (affected versions not specified). Description: The generate-files job in the '.github/workflows/pr.yml' file checks out code from an attacker-controlled fork and executes it via the cargo run command. This process allows access to the SKIM R...
CVE-2021-27715
An issue discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass authentication and execute arbitrary code via a crafted HTTP request...
CVE-2019-25543
Netartmedia Real Estate Portal 5.0 contains an unauthenticated SQL injection in the page parameter (via index.php) that allows attackers to manipulate queries, potentially bypass authentication and access or modify data. The vulnerability affects the server-side SQL handling of the page field. CV...
The CISO’s Dilemma: How To Scale AI Securely
Your board wants AI. Your developers are building with it. Your budget committee is asking for an ROI timeline. But as CISO, you're the one who has to answer when the inevitable question comes up: "How do we know this is secure?" If you're like most security leaders, you're caught between two...
CVE-2018-4064
An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an unverified device configuration change, resulting in an unverified change of the user password on the...
CVE-2024-39205
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...
CVE-2022-23447
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability (CWE-22) in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an...
CVE-2022-35401
An authentication bypass vulnerability exists in the getIFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.38649674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this...
Exploit for CVE-2025-55182
CVE-2025-55182 Raw HTTP Requests to exploit the insecure lazy...
EUVD-2014-7076
Malware in sbrugna...
EUVD-2017-11155
Malware in sbrugna...
EUVD-2020-22898
Malware in sbrugna...
EUVD-2019-9295
Malware in sbrugna...
EUVD-2018-19165
Malware in sbrugna...
EUVD-2018-17143
Malware in sbrugna...
EUVD-2017-15675
Malware in sbrugna...
EUVD-2006-6465
Malware in sbrugna...
EUVD-2010-3057
Malware in sbrugna...
EUVD-2005-2655
Malware in sbrugna...