CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

166 matches found

CVE-2026-44849

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer enforces seven EndpointSecuritySettings restrictions that...

9.4CVSS0.00044EPSS

Exploits1References1

ATTACKERKB•added last week•5 views

CVE-2026-44849

5.8AI score0.00044EPSS

Exploits1References2Affected Software1

EUVD•added last week•4 views

EUVD-2026-33063

9.4CVSS5.8AI score0.00044EPSS

Exploits1References1

Github Security Blog•added 2026/05/14 4:33 p.m.•5 views

Portainer has an endpoint security bypass via Swarm service create/update

Summary Portainer enforces seven EndpointSecuritySettings restrictions that administrators configure to restrict the container configurations non-admin users can launch: privileged mode, host PID namespace, device mapping, capabilities, sysctls, security-opt Seccomp / AppArmor, and bind mounts. T...

9.4CVSS5.8AI score0.00044EPSS

Exploits1References5Affected Software1

NVD•added 2026/05/11 10:16 a.m.•6 views

CVE-2025-8325

The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x...

8.8CVSS0.00044EPSS

Exploits0References1

CVE•added 2026/05/11 9:37 a.m.•5 views

CVE-2025-8325

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2025-8325; current sources describe an RBAC bypass affecting Gateway and Internal Service APIs in WSO2 products, but no concrete technical specifics are provided here.

8.8CVSS5.8AI score0.00044EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/05/11 9:37 a.m.•31 views

CVE-2025-8325 Improper Access Control via Gateway API in Multiple WSO2 Products Allows Unauthorized Operations

6.3CVSS0.00044EPSS

Exploits0References1

OSV•added 2026/05/08 5:46 a.m.•4 views

BIT-JRE-2024-21145

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1;...

4.8CVSS5.8AI score0.0045EPSS

Exploits0References4

Positive Technologies•added 2026/05/08 12:0 a.m.•4 views

PT-2026-38824

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....

7.4CVSS5.8AI score0.00977EPSS

Exploits0References5

Positive Technologies•added 2026/05/08 12:0 a.m.•6 views

PT-2026-38856

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Scripting. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf and 11.0.27; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows...

5.9CVSS5.8AI score0.00559EPSS

Exploits0References7

Vulnrichment•added 2026/05/06 4:15 p.m.•2 views

CVE-2026-20189 Cisco Prime Infrastructure Information Disclosure Vulnerability

A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit...

4.3CVSS6AI score0.00039EPSS

Exploits0References1

OSV•added 2026/05/06 2:44 p.m.•1 views

BIT-JAVA-MIN-2024-20921

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM...

5.9CVSS6.6AI score0.0022EPSS

Exploits0References5

OSV•added 2026/05/06 2:42 p.m.•1 views

BIT-JAVA-2020-2655

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this...

5.8CVSS6.8AI score0.02147EPSS

Exploits0References10

Positive Technologies•added 2026/05/06 12:0 a.m.•3 views

PT-2026-37731

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

5.3CVSS5.8AI score0.00133EPSS

Exploits0References8

Positive Technologies•added 2026/04/30 12:0 a.m.•1 views

PT-2026-36097

Name of the Vulnerable Software and Affected Versions Multicluster Engine affected versions not specified Red Hat Advanced Cluster Management affected versions not specified Description A flaw in the assisted-service REST API, an optional Assisted Installer component in the Multicluster Engine,...

6.1CVSS5.8AI score0.00007EPSS

Exploits0References11

vulnersOsv•added 2026/04/22 6:30 a.m.•4 views

cc.chensoul.nacos:nacos-distribution (=2.5.2), cn.sparrowmini:sparrow-org-service (=0.0.1) +625 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=5.8.0 <=5.8.2)

org.springframework.security:spring-security-core MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.12.0, =5.12.0, =1.48.0, =1.48.0, =1.48.0, =2.4.0, =2.4.0, =2.4.0, =2.6.0 and more Source cves: CVE-2026-22746 Source advisory: OSV:GHSA-VXF7-QJ7Q-83FH...

3.7CVSS5.8AI score0.00067EPSS

Exploits0

Debian CVE•added 2026/04/21 8:35 p.m.•2 views

CVE-2026-34268

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0....

2.9CVSS7.4AI score0.00022EPSS

Exploits0

RedhatCVE•added 2026/04/04 10:54 p.m.•3 views

CVE-2026-27834

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability exists in the pwg.users.getList Web Service API method. The filter parameter is directly concatenated into a SQL query without proper sanitization, allowing authenticated...

7.2CVSS6.1AI score0.0005EPSS

Exploits1References1

Positive Technologies•added 2026/04/03 12:0 a.m.•2 views

PT-2026-30243

7.2CVSS6.1AI score0.0005EPSS

Exploits1References4

Positive Technologies•added 2026/04/01 12:0 a.m.•2 views

PT-2026-29563

Name of the Vulnerable Software and Affected Versions Cisco Smart Software Manager On-Prem versions 9-202502 through 9-202510 Description A vulnerability in Cisco Smart Software Manager On-Prem SSM On-Prem allows an unauthenticated, remote attacker to execute arbitrary commands on the underlying...

10CVSS6.3AI score0.00249EPSS

Exploits0References39

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by