22 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed an issue related to “slab-use-after-free” in ksmbd_smb2_session_create. There is a race condition between ksmbd_smb2_session_create and ksmbd_expire_session. This patch adds the necessary sessions_table_lock during the...

CVSS 7.8 | AI score 6.6 | EPSS 0.0002
Exploits: 0 | References: 2
CNNVD
added 2026/02/19 12:0 a.m. | 3 views

Pi-hole Web Interface security vulnerability

The Pi-hole Web Interface is an open-source dashboard web interface developed by Pi-hole. Versions of the Pi-hole Web Interface 6.0 and later contain security vulnerabilities. These vulnerabilities stem from a storage-type HTML injection vulnerability in the API settings page’s activity session...

CVSS 5.4 | AI score 6 | EPSS 0.00055
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2002-2245

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00711
Exploits: 0 | References: 4
OSV
added 2025/04/16 3:15 p.m. | 0 views

DEBIAN-CVE-2025-22041

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister In multichannel mode, UAF issue can occur in session_deregister when the second channel sets up a session through the connection of the first channel. session that is freed...

CVSS 8.8 | AI score 5.7 | EPSS 0.00022
Exploits: 0 | References: 1
OSV
added 2025/04/16 3:15 p.m. | 1 views

UBUNTU-CVE-2025-22041

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister In multichannel mode, UAF issue can occur in session_deregister when the second channel sets up a session through the connection of the first channel. session that is freed...

CVSS 8.8 | AI score 6.2 | EPSS 0.00022
Exploits: 0 | References: 26
SUSE CVE
added 2024/11/19 3:49 a.m. | 1 views

SUSE CVE-2024-50286

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create There is a race condition between ksmbd_smb2_session_create and ksmbd_expire_session. This patch add missing sessions_table_lock while adding/deleting session from global session...

CVSS 7.8 | AI score 7.7 | EPSS 0.0002
Exploits: 0 | References: 3
NVD
added 2024/11/19 2:16 a.m. | 10 views

CVE-2024-50286

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create There is a race condition between ksmbd_smb2_session_create and ksmbd_expire_session. This patch add missing sessions_table_lock while adding/deleting session from global session...

CVSS 7.8 | EPSS 0.0002
Exploits: 0 | References: 5
OSV
added 2024/11/19 2:16 a.m. | 0 views

DEBIAN-CVE-2024-50286

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create There is a race condition between ksmbd_smb2_session_create and ksmbd_expire_session. This patch add missing sessions_table_lock while adding/deleting session from global session...

CVSS 7 | AI score 6.1 | EPSS 0.0002
Exploits: 0 | References: 1
OSV
added 2024/11/19 2:16 a.m. | 1 views

UBUNTU-CVE-2024-50286

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create There is a race condition between ksmbd_smb2_session_create and ksmbd_expire_session. This patch add missing sessions_table_lock while adding/deleting session from global session...

CVSS 7.8 | AI score 6.6 | EPSS 0.0002
Exploits: 0 | References: 19
Vulnrichment
added 2024/11/19 1:30 a.m. | 3 views

CVE-2024-50286 ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create There is a race condition between ksmbd_smb2_session_create and ksmbd_expire_session. This patch add missing sessions_table_lock while adding/deleting session from global session...

AI score 7.1 | EPSS 0.0002
Exploits: 0 | References: 4
NVD
added 2017/10/31 6:29 p.m. | 8 views

CVE-2017-14163

An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open a browser, visit the Mahara site, and adjus...

CVSS 8.8 | AI score 8.6 | EPSS 0.00225
Exploits: 0 | References: 1
Dsquare
added 2015/12/19 12:0 a.m. | 373 views

Joomla 1.5.0 to 3.4.5 Object Injection via User-Agent

Joomla suffers from an unauthenticated remote code execution that affects all versions from 1.5.0 to 3.4.5. By storing user supplied headers in the databases session table it's possible to truncate the input by sending an UTF-8 character. The custom created payload is then executed once the sessi...

AI score 1.7
Exploits: 0
Packet Storm
added 2015/12/17 12:0 a.m. | 559 views

Joomla HTTP Header Unauthenticated Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Joomla HTTP Header Unauthenticated Remote Code Execution', 'Description' = %q Joomla suffers from an unauthenticated remote code...

CVSS 7.5 | AI score 0.3 | EPSS 0.92855
Exploits: 16
Metasploit
added 2015/12/15 5:26 p.m. | 224 views

Joomla HTTP Header Unauthenticated Remote Code Execution

Joomla suffers from an unauthenticated remote code execution that affects all versions from 1.5.0 to 3.4.5. By storing user supplied headers in the databases session table it's possible to truncate the input by sending an UTF-8 character. The custom created payload is then executed once the sessi...

CVSS 9.8 | AI score 8.5 | EPSS 0.92855
Exploits: 16
Packet Storm
added 2014/10/23 12:0 a.m. | 38 views

Centreon SQL / Command Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Centreon SQL and Command Injection', 'Description' = %q This module exploits several vulnerabilities on Centreon 2.5.1 and prior and...

CVSS 10 | AI score 0.2 | EPSS 0.86204
Exploits: 9
myhack58
added 2010/02/25 12:0 a.m. | 26 views

Sablog-X 2.0 admin permissions spoofing vulnerability-vulnerability warning-the black bar safety net

Published:2010-02-24 Affected version: Sablog-X 2.0 Vulnerability description: // cp.php if !$ saxuid || !$ saxpw || !$ saxlogincount || !$ saxhash // As long as this condition is not satisfied,it can be through the background of the permission to verify. loginpage; ... if $saxgroup == 1 // If yo...

AI score 0.1
Exploits: 0
Cvelist
added 2007/10/18 10:0 a.m. | 14 views

CVE-2002-2266

NetScreen ScreenOS 2.8 through 4.0, when forwarding H.323 or Netmeeting traffic, allows remote attackers to cause a denial of service (firewall session table consumption) by establishing multiple half-open H.323 sessions, which are not cleaned up on garbage removal and do not time out for 36 hours...

AI score 6.8 | EPSS 0.00711
Exploits: 0 | References: 3
Packet Storm
added 2007/03/20 12:0 a.m. | 42 views

overtheledger.txt

Hi; Affected versions: LedgerSMB 1.1.10 but see below, current is 1.1.11 SQL-Ledger 2.6.27 but see below. Current is 2.6.27 Effects: Arbitrary code execution both products and authentication bypass SQL-Ledger only. We have discovered yet another major security issue in both SQL-Ledger for affecte...

Exploits: 0
Tenable Nessus
added 2005/07/13 12:0 a.m. | 13 views

FreeBSD : phpBB session table exhaustion (a56a72bb-9f72-11d8-9585-0020ed76ef5a)

The includes/sessions.php unnecessarily adds session item into session table and therefore vulnerable to a denial-of-service attack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyrig...

AI score 5.4
Exploits: 0 | References: 2
FreeBSD
added 2004/03/05 12:0 a.m. | 11 views

phpBB session table exhaustion

The includes/sessions.php unnecessarily adds session item into session table and therefore vulnerable to a denial-of-service attack...

AI score 2.1
Exploits: 0 | References: 1