CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14782 matches found

CVE-2026-45132

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow generate-schema.yaml exposes sensitive credentials Personal Access Token and SSH signing key to fork-controlled code due to unsafe checkout and credential handling practices. Th...

10CVSS5.5AI score0.00043EPSS

Exploits0References1

RedhatCVE•added last week•4 views

CVE-2026-22564

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation:...

9.8CVSS5.5AI score0.00021EPSS

Exploits0References1

NVD•added last week•6 views

CVE-2026-45748

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The POST /ssh/tunnel/connect endpoint in Termix prior to version 2.3.2 builds an SSH tunnel command by interpolating user-controlled host record fields endpointIP, endpointUsername,...

9.8CVSS0.00967EPSS

Exploits1References2

Cvelist•added last week•30 views

CVE-2026-45748 Termix Vulnerable to Remote Code Execution via SSH Tunnel Forward Command Injection

9.8CVSS0.00967EPSS

Exploits1References2

Vulnrichment•added last week•3 views

CVE-2026-45748 Termix Vulnerable to Remote Code Execution via SSH Tunnel Forward Command Injection

9.8CVSS5.5AI score0.00967EPSS

Exploits1References2

ATTACKERKB•added last week•6 views

CVE-2026-45748

9.8CVSS5.5AI score0.00967EPSS

Exploits1References3Affected Software1

Cvelist•added last week•25 views

CVE-2025-71317 NetMan 204 Hard-coded Backdoor Credentials

NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/login.cgi endpoint for example /cgi-bin/login.cgi?username=eurek&password=eurek, which due to lax...

9.8CVSS0.00076EPSS

Exploits0References3

GithubExploit•added 2026/06/04 11:22 p.m.•57 views

simplectf

Simple CTF — TryHackMe Walkthrough Platform: TryHackMe |...

8.1CVSS7.3AI score0.92556EPSS

Exploits37

RedHat Linux•added 2026/06/04 10:8 p.m.•6 views

kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

7.1CVSS6AI score0.00007EPSS

Exploits4References7

Cvelist•added 2026/06/04 5:52 p.m.•25 views

CVE-2026-41236 Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path

Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorizedkeys under a customer-controlled home directory without...

8.8CVSS0.0007EPSS

Exploits0References2

EUVD•added 2026/06/04 5:52 p.m.•8 views

EUVD-2026-34315

8.8CVSS5.9AI score0.0007EPSS

Exploits0References2

ATTACKERKB•added 2026/06/04 5:52 p.m.•5 views

CVE-2026-41236

8.8CVSS5.9AI score0.0007EPSS

Exploits0References3

SUSE Linux•added 2026/06/03 2:21 p.m.•3 views

Security update for salt

This update for salt fixes the following issue: Security issues fixed: CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 Harden Torna...

8.7CVSS7.2AI score0.00028EPSS

Exploits0References16

OSV•added 2026/06/03 2:21 p.m.•4 views

SUSE-SU-2026:2257-1 Security update for salt

This update for salt fixes the following issue: Security issues fixed: - CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: - Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 - Harden...

8.7CVSS7.1AI score0.00028EPSS

Exploits0References8

SUSE Linux•added 2026/06/03 2:20 p.m.•4 views

Security update for salt

8.7CVSS7.2AI score0.00028EPSS

Exploits0References16

OSV•added 2026/06/03 2:20 p.m.•5 views

SUSE-SU-2026:2256-1 Security update for salt

8.7CVSS5.8AI score0.00028EPSS

Exploits0References8

SUSE Linux•added 2026/06/03 2:19 p.m.•4 views

Security update 5.0.8 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...

8.7CVSS7.5AI score0.00043EPSS

Exploits0References26

SUSE Linux•added 2026/06/03 2:16 p.m.•3 views

Security update for salt

8.7CVSS7.2AI score0.00028EPSS

Exploits0References16

OSV•added 2026/06/03 2:16 p.m.•5 views

SUSE-SU-2026:2252-1 Security update for salt

8.7CVSS5.8AI score0.00028EPSS

Exploits0References8

SUSE Linux•added 2026/06/03 2:13 p.m.•6 views

Security update 5.0.8 for Multi-Linux Manager Salt Bundle