CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/06/12 9:44 a.m.•24 views

CVE-2026-11848 IEI Integration Corp｜ iRM-IEI Remote Management - Missing Authentication

The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain partial system configuration information...

7.9CVSS0.00297EPSS

Vulnrichment•added 2026/06/12 9:44 a.m.•5 views

CVE-2026-11848 IEI Integration Corp｜ iRM-IEI Remote Management - Missing Authentication

7.9CVSS5.3AI score0.00297EPSS

Positive Technologies•added 2026/06/12 12:0 a.m.•9 views

PT-2026-48855

7.9CVSS5.3AI score0.00297EPSS

Exploits0References3

Vulnrichment•added 2026/06/09 11:48 a.m.•6 views

CVE-2016-20064 WP Vault 0.8.6.6 Local File Inclusion via wpv-image Parameter

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitiv...

6.9CVSS5.6AI score0.00671EPSS

Exploits0References4

ATTACKERKB•added 2026/06/08 1:55 a.m.•6 views

CVE-2022-50953

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...

6.9CVSS5.6AI score0.00313EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2026/06/05 7:40 p.m.•6 views

CVE-2025-62308

HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions...

5.1CVSS5.4AI score0.00109EPSS

Snyk•added 2026/05/27 7:33 p.m.•3 views

External Control of System or Configuration Setting

Overview Affected versions of this package are vulnerable to External Control of System or Configuration Setting via the found-action process. An attacker can execute arbitrary shell commands on the host system by sending specially crafted JSON data to the REST API server endpoint when it is...

10CVSS6.1AI score0.0032EPSS

Snyk•added 2026/05/27 7:33 p.m.•3 views

External Control of System or Configuration Setting

10CVSS6.1AI score0.0032EPSS

CVE•added 2026/05/26 1:42 a.m.•31 views

CVE-2026-4795

CVE-2026-4795 describes a missing authorization vulnerability in Zyxel GS1200 series switches (GS1200-5v3/8v3/5HPv3/8HPv3/10v3) up to firmware versions noted. The issue allows a LAN-based, unauthenticated attacker to read the system configuration from a log file via a crafted HTTP request. The co...

ATTACKERKB•added 2026/05/26 1:42 a.m.•4 views

CVE-2026-4795

A missing authorization vulnerability in Zyxel GS1200-5v3 firmware versions through 1.00ACPS.2C0, GS1200-8v3 firmware versions through 1.00ACPT.2C0, GS1200-5HPv3 firmware versions through 1.00ACPU.2C0, GS1200-8HPv3 firmware versions through 1.00ACPV.2C0, and GS1200-10v3 firmware versions through...

Exploits0References2Affected Software5

Vulnrichment•added 2026/05/26 1:42 a.m.•6 views

CVE-2026-4795

Positive Technologies•added 2026/05/26 12:0 a.m.•9 views

PT-2026-43176