
9 matches found

OSV
added 2026/04/29 3:15 p.m. · 5 views

CLSA-2026-1777475754 glusterfs: Fix of 2 CVEs

CVE-2018-10923: posix: disable open/read/write on special files - CVE-2018-14651: server: don't allow '/' in basename...

CVSS 8.8 · AI score 5.8 · EPSS 0.02082
Exploits 0 · References 1
Positive Technologies
added 2026/02/27 12:0 a.m. · 5 views

PT-2026-22401

Name of the Vulnerable Software and Affected Versions: Indico versions prior to 3.3.11 Description: Indico, an event management system utilizing Flask-Multipass, contains a flaw in the API endpoint responsible for managing event series. This endpoint lacks a necessary access check, potentially...

CVSS 6.5 · AI score 5.9 · EPSS 0.0002
Exploits 0 · References 6
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-2508

Malicious code in bioql PyPI...

CVSS 10 · AI score 9.2 · EPSS 0.00977
Exploits 0 · References 6
CVE
added 2025/04/03 6:24 p.m. · 250 views

CVE-2025-31486

Vite is affected by a local-file–read bypass in the dev server when it is exposed to the network (e.g., started with --host or server.host). The flaw lets an attacker retrieve contents of arbitrary files smaller than build.assetsInlineLimit (default 4 kB) by crafting URLs using the ?.svg suffix a...

CVSS 5.3 · AI score 7.2 · EPSS 0.04736
Exploits 7 · References 3
Positive Technologies
added 2024/09/24 12:0 a.m. · 4 views

PT-2024-7541 · Unknown · Workstation

Name of the Vulnerable Software and Affected Versions: WorkstationST affected versions not specified Description: The issue is related to incorrect restriction of the directory path name in the OPC server. Exploitation of this issue may allow a remote attacker to gain access to the server...

CVSS 9.7 · AI score 7.3
Exploits 0 · References 2
Talos
added 2024/04/03 12:0 a.m. · 25 views

Open Automation Software OAS Platform OAS Engine User Configuration improper input validation vulnerability

Talos Vulnerability Report TALOS-2024-1949: Open Automation Software OAS Platform OAS Engine User Configuration improper input validation vulnerability. April 3, 2024. CVE Number: CVE-2024-27201. Summary: An improper input validation vulnerability exists in the OAS Engine User Configuration functionali...

CVSS 4.9 · AI score 5.5 · EPSS 0.00151
Exploits 1
Prion
added 2023/05/28 11:15 p.m. · 27 views

Design/Logic Flaw

An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security HSTS header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the cas...

CVSS 5 · AI score 5.2 · EPSS 0.00137
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2020/12/18 9:27 a.m. · 11 views

CVE-2020-26174

tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. However, this restriction is enforced in the browser client-side and can be circumvented. This allows an attacker to upload any file as an...

CVSS 8.8 · AI score 8.6 · EPSS 0.00423
Exploits 1 · References 2
Japan Vulnerability Notes
added 2014/12/18 5:47 a.m. · 3 views

Multiple Allied Telesis products vulnerable to buffer overflow

Overview: AR Router Series and Alliedware switches provided by Allied Telesis Group contain a buffer overflow vulnerability (CWE-788) due to a flaw when processing a POST method. Impact: Arbitrary code may be executed when processing a specially crafted HTTP request. Solution: Update the Firmware Upda...

CVSS 10 · AI score 7.4 · EPSS 0.08447
Exploits 0 · References 6