CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

127 matches found

CNNVD•added 2026/05/11 12:0 a.m.•4 views

Devs Palace ERP Online 跨站脚本漏洞

Devs Palace ERP Online is a cloud-based enterprise resource planning and business management system developed by Devs Palace. Versions of Devs Palace ERP Online 4.0.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from operations on unknown code located in...

4.8CVSS5.7AI score0.0003EPSS

Exploits0References1

CNNVD•added 2026/05/10 12:0 a.m.•3 views

Devs Palace ERP Online 跨站脚本漏洞

4.8CVSS5.6AI score0.0003EPSS

Exploits0References1

Cvelist•added 2026/05/08 12:0 a.m.•28 views

CVE-2024-33724

SOPlanning 1.52.00 is vulnerable to Cross Site Scripting XSS via the groupeid parameter to process/groupesave.php...

0.00155EPSS

Exploits1References1

NVD•added 2026/04/28 2:16 a.m.•2 views

CVE-2026-7213

A vulnerability was detected in ef10007 MLOpsMCP 1.0.0. This impacts an unknown function of the file fastmcpserver.py of the component savefile Tool. The manipulation of the argument filename/destination results in path traversal. The attack may be performed from remote. The exploit is now public...

7.5CVSS0.00066EPSS

Exploits0References5

Cvelist•added 2026/04/28 1:30 a.m.•24 views

CVE-2026-7213 ef10007 MLOps_MCP save_file Tool fastmcp_server.py path traversal

7.5CVSS0.00066EPSS

Exploits0References5

EUVD•added 2026/04/28 1:30 a.m.•3 views

EUVD-2026-25966

7.5CVSS7.1AI score0.00066EPSS

Exploits0References5

Positive Technologies•added 2026/04/28 12:0 a.m.•0 views

PT-2026-35586

A vulnerability was detected in ef10007 MLOps MCP 1.0.0. This impacts an unknown function of the file fastmcp server.py of the component save file Tool. The manipulation of the argument filename/destination results in path traversal. The attack may be performed from remote. The exploit is now...

7.5CVSS5AI score0.00066EPSS

Exploits0References6

CNNVD•added 2026/04/21 12:0 a.m.•3 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from the locale/save.php file, which directly concatenated $POSTflag to construct the file path witho...

8.7CVSS6.1AI score0.0019EPSS

Exploits1References1

Snyk•added 2026/04/05 8:7 p.m.•0 views

Directory Traversal

Overview griptape is a Modular Python framework for LLM workflows, tools, memory, and data. Affected versions of this package are vulnerable to Directory Traversal the LocalFileManagerDriver file path resolution in griptape/drivers/filemanager/localfilemanagerdriver.py. An attacker can read, list...

6.5CVSS7.1AI score0.00092EPSS

Exploits0References2

CVE•added 2026/04/03 11:49 p.m.•9 views

CVE-2026-34772

CVE-2026-34772 – Electron Use-After-Free in download save dialog callback . The issue affects Electron applications that allow downloads and programmatically destroy sessions. If the session is torn down while a native save-file dialog for a download is open, dismissing the dialog may dereference...

8.8CVSS5.8AI score0.00014EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/04/03 11:49 p.m.•0 views

CVE-2026-34772 Electron: Use-after-free in download save dialog callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down whi...

5.8CVSS5.8AI score0.00014EPSS

Exploits0References1

ATTACKERKB•added 2026/04/03 11:49 p.m.•1 views

CVE-2026-34772

5.8CVSS5.8AI score0.00014EPSS

Exploits0References2Affected Software1

EUVD•added 2026/03/25 5:45 p.m.•1 views

EUVD-2026-14482

AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload...

8.8CVSS5.9AI score0.0039EPSS

Exploits1References3

RedhatCVE•added 2026/02/04 3:15 a.m.•3 views

CVE-2025-12774

A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sensitive information such as details of databa...

7.5CVSS8.3AI score0.00009EPSS

Exploits0References1

NVD•added 2026/02/03 2:16 a.m.•3 views

CVE-2025-12774

7.5CVSS0.00009EPSS

Exploits0References1

Cvelist•added 2026/02/03 1:28 a.m.•22 views

CVE-2025-12774 SQL queries with sensitive information printed in logs with Brocade SANnav before 3.0

4.6CVSS0.00009EPSS

Exploits0References1

Vulnrichment•added 2026/02/03 1:28 a.m.•1 views

CVE-2025-12774 SQL queries with sensitive information printed in logs with Brocade SANnav before 3.0

4.6CVSS5.3AI score0.00009EPSS

Exploits0References1

CVE•added 2026/02/03 1:28 a.m.•5 views

CVE-2025-12774

Summary: CVE-2025-12774 affects Brocade SANnav before 3.0. A migration-script flaw can cause a support save file to reveal SQL queries and sensitive data (e.g., details of database tables and encrypted passwords) when the file is opened. The issue is locally exploitable via access to the SANnav s...

7.5CVSS5.3AI score0.00009EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/02/03 1:28 a.m.•2 views

CVE-2025-12774

4.6CVSS8.3AI score0.00009EPSS

Exploits0References2Affected Software1

EUVD•added 2026/02/03 1:28 a.m.•1 views

EUVD-2025-206759

4.6CVSS5.3AI score0.00009EPSS

Exploits0References1

Rows per page