25 matches found
CVE-2026-20219
A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed...
CVE-2025-32991
In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution...
GHSA-GH4X-F7CQ-WWX6 Glances Exposes Unauthenticated Configuration Secrets
Summary: The /api/4/config REST API endpoint returns the entire parsed Glances configuration file glances.conf via self.config.asdict with no filtering of sensitive values. The configuration file contains credentials for all configured backend services including database passwords, API tokens, JWT...
EUVD-2017-17908
Malware in sbrugna...
EUVD-2016-3131
Malware in sbrugna...
Apache SeaTunnel Access Control Error Vulnerability
Apache SeaTunnel is an easy-to-use data integration framework from the Apache Software Foundation. An access control error vulnerability exists in Apache SeaTunnel version 2.3.10 and earlier, which originates from an unauthorized user being able to perform arbitrary file read and deserialization attac...
Commvault Web Server unspecified vulnerability
RISK EVALUATION According to Commvault: "The Web Server is a component in CommCell environments that provides a RESTful interface to the software where users can perform various tasks using available APIs". A remote, authenticated attacker can exploit an unspecified vulnerability to compromise a...
OSIsoft PI Web API Code Issue Vulnerability
OSIsoft PI Web API is a RESTful interface to a set of PI systems from the US company OSIsoft. The product supports client applications with read and write access to their AF and PI data over HTTPS. A code issue vulnerability exists in the OSIsoft PI Web API, which stems from a...
Oxidized Web Cross-Site Scripting Vulnerability
Oxidized Web is a Web UI + RESTful API for Oxidized. Oxidized Web suffers from a cross-site scripting vulnerability that stems from the fact that incorrect manipulation of the parameter toresearch can lead to cross-site scripting...
CVE-2020-29001
An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTful Services API that allows a remote attacker to take full control of the camera with a...
HPE RESTful Interface Tool Privilege Permission and Access Control Vulnerability
HPE RESTful Interface Tool is a suite of RESTful interface tools from Hewlett Packard Enterprise HPE that can configure, inventory, and monitor a variety of system and server components, which supports control of power supplies, BIOS legacy/UEFI, and iLO 4 through command tools settings, reading...
CVE-2017-8968
A remote execution of arbitrary code vulnerability has been identified in HPE RESTful Interface Tool 1.5, 2.0 (hprest-1.5-79.x86_64.rpm, ilorest-2.0-403.x86_64.rpm). The issue is resolved in iLOREST v2.1 or subsequent versions...
Code injection
A remote execution of arbitrary code vulnerability has been identified in HPE RESTful Interface Tool 1.5, 2.0 (hprest-1.5-79.x86_64.rpm, ilorest-2.0-403.x86_64.rpm). The issue is resolved in iLOREST v2.1 or subsequent versions...
CVE-2017-8968
CVE-2017-8968 affects HPE RESTful Interface Tool versions 1.5 and 2.0. A privilege-granting and access-control vulnerability allows remote attackers to execute arbitrary code, as described in CNVD-2019-03323, with the issue fixed in iLOREST v2.1 and later.
CVE-2015-7944
The RESTful control interface aka RAPI or ganeti-rapi in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service resourc...
CVE-2016-2023
HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors...