CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

131 matches found

Cvelist•added 2026/05/28 3:44 a.m.•26 views

CVE-2026-9794 Keycloak: keycloak: information disclosure via saml ecp endpoint

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP Security Assertion Markup Language Enhanced Client or Proxy endpoint with varying client IDs. By observing distinct faultstrings in the...

5.3CVSS0.00039EPSS

Exploits0References3

Nuclei•added 2 days ago•30 views

Journyx - XML External Entities Injection (XXE)

The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. id: CVE-2024-6893 info: name: Journyx - XML...

7.5CVSS7.2AI score0.91385EPSS

Exploits3

ATTACKERKB•added 2026/04/24 3:48 p.m.•1 views

CVE-2026-39920

BridgeHead FileStore versions prior to 24A released in early 2024 expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console...

9.8CVSS5.9AI score0.00281EPSS

Exploits0References6

Vulnrichment•added 2026/04/24 3:48 p.m.•2 views

CVE-2026-39920 BridgeHead FileStore < 24A Apache Axis2 Default Credentials RCE

9.8CVSS5.9AI score0.00281EPSS

Exploits0References5

Cvelist•added 2026/03/30 12:0 a.m.•18 views

CVE-2026-33373

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A Cross-Site Request Forgery CSRF vulnerability exists in Zimbra Web Client due to the issuance of authentication tokens without CSRF protection during certain account state transitions. Specifically, tokens generated after...

0.00058EPSS

Exploits0References4

NVD•added 2026/02/24 3:16 a.m.•8 views

CVE-2025-13942

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17ABUP.15.1C0 could allow a remote attacker to execute operating system OS commands on an affected device by sending specially crafted UPnP SOAP requests...

9.8CVSS0.00181EPSS

Exploits0References1

OSV•added 2026/02/24 3:16 a.m.•2 views

CVE-2025-13942

9.8CVSS5.9AI score

Exploits0References1

EUVD•added 2026/01/26 10:4 a.m.•1 views

EUVD-2025-206361

The exos 9300 application can be used to configure Access Managers e.g. 92xx, 9230 and 9290. The configuration is done in a graphical user interface on the dormakaba exos server. As soon as the save button is clicked in exos 9300, the whole configuration is sent to the selected Access Manager via...

9.3CVSS5.9AI score0.00142EPSS

Exploits0References3

RedhatCVE•added 2026/01/07 9:10 a.m.•17 views

CVE-2022-27643

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the...

8.8CVSS7.1AI score0.00836EPSS

Exploits0References1

GithubExploit•added 2026/01/02 5:21 p.m.•185 views

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2025-59287 ⚠ This tool is created solely for educatio...

9.8CVSS8.6AI score0.68756EPSS

Exploits24

Positive Technologies•added 2025/12/20 12:0 a.m.•2 views

PT-2025-52533

Name of the Vulnerable Software and Affected Versions Tapo C200 V3 affected versions not specified Description A buffer overflow exists in the ONVIF XML parser. An attacker on the same local network can send specially crafted SOAP XML requests, leading to memory overflow and a device crash,...

8.7CVSS6.7AI score0.00079EPSS

Exploits0References13

Tenable Nessus•added 2025/11/05 12:0 a.m.•2 views

DELMIA Apriso Missing Authorization Vulnerability (CVE-2025-6205)

The version of DELMIA Apriso installed on the remote host is Release 2020 through Release 2025. It is, therefore, affected by a missing authorization vulnerability CVE-2025-6205 that could allow an attacker to gain privileged access to the application. Exploitation can be achieved by sending...

9.1CVSS7.1AI score0.82805EPSS

Exploits0References2

GithubExploit•added 2025/11/04 6:38 p.m.•262 views

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2025-59287 ⚠ This tool is created solely for educatio...

9.8CVSS10AI score0.68756EPSS

Exploits24

NVD•added 2025/10/14 1:15 p.m.•2 views

CVE-2025-9066

A security issue was discovered within FactoryTalk® ViewPoint, allowing unauthenticated attackers to achieve XXE. Certain SOAP requests can be abused to perform XXE, resulting in a temporary denial-of-service...

8.7CVSS0.00267EPSS

Exploits0References1

Vulnrichment•added 2025/10/14 12:15 p.m.•1 views

CVE-2025-9066 Rockwell Automation FactoryTalk® ViewPoint XXE to Denial-of-Service Vulnerability

8.7CVSS6.5AI score0.00267EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2006-4126

Malware in sbrugna...

7.5CVSS6.4AI score0.00666EPSS

Exploits0References8

EUVD•added 2025/10/07 12:30 a.m.•6 views