39 matches found
CVE-2026-44320
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token, e.g. Authorization: Bearer not-a-real-token, is enough to reach the SMF-callback...
EUVD-2017-8759
Malware in sbrugna...
EUVD-2017-8767
Malware in sbrugna...
EUVD-2024-16339
Malicious code in bioql PyPI...
Tenda AC20 Buffer Overflow Vulnerability (CNVD-2025-19583)
The Tenda AC20 is a wireless router from the Chinese company Tenda. The Tenda AC20 suffers from a buffer overflow vulnerability that originates from the failure of the parameter list of the setqosMiblist function in the /goform/SetNetControlList file to correctly validate the length of the input...
CVE-2025-9087 Tenda AC20 SetNetControlList Endpoint set_qosMib_list stack-based overflow
A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function setqosMiblist of the file /goform/SetNetControlList of the component SetNetControlList Endpoint. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack...
CVE-2024-0546
A vulnerability, which was classified as problematic, has been found in EasyFTP 1.7.0. This issue affects some unknown processing of the component LIST Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public...
CVE-2024-9798
The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers...
CVE-2022-3947
A vulnerability classified as critical has been found in eolinker gokulite. This affects an unknown part of the file /balance/service/list. The manipulation of the argument route/keyword leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
PT-2022-24972 · Unknown · Eolinker Goku Lite
Name of the Vulnerable Software and Affected Versions: eolinker goku lite (affected versions not specified). Description: A critical issue has been found in eolinker goku lite, affecting an unknown part of the file /balance/service/list. The manipulation of the route/keyword argument leads to SQL...
Eolinker SQL Injection Vulnerability
Eolinker, an API management solution from Eolinker China, is vulnerable to SQL injection, which stems from a lack of validation of external input SQL statements in the file /balance/service/list. An attacker could exploit the vulnerability by gaining access to database information...
GHSA-VW2C-5WPH-V92R Improper Neutralization of Input During Web Page Generation in Apache CXF
The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. Th...
Sourcecodester Vehicle Service Management System Cross-Site Scripting Vulnerability
Sourcecodester Vehicle Service Management System is an open source PHP project, a simple web application for automotive repair/service stores or businesses. Sourcecodester Vehicle Service Management System version 1.0 has a cross-site scripting vulnerability that stems from a lack of valid...
CVE-2021-46072
A Stored Cross-Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel...
Cross site scripting
A Stored Cross-Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel...