
55 matches found

RedhatCVE
added 2026/06/05 7:25 p.m. | 8 views

CVE-2026-44884

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8 and 2.39.1, a missing authorization vulnerability in the Custom Template file endpoint GET...

6.5 CVSS | 5.4 AI score | 0.0022 EPSS
Exploits: 1 | References: 1
NVD
added 2026/05/28 10:16 p.m. | 8 views

CVE-2026-44884

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8 and 2.39.1, a missing authorization vulnerability in the Custom Template file endpoint GET...

6.5 CVSS | 0.0022 EPSS
Exploits: 1 | References: 1
Cvelist
added 2026/04/10 6:32 p.m. | 18 views

CVE-2026-33705 Chamilo LMS has unauthenticated access to Twig template source files exposes application logic

Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files .tpl under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel...

5.3 CVSS | 0.00245 EPSS
Exploits: 0 | References: 2
CVE
added 2026/04/07 2:45 p.m. | 15 views

CVE-2026-35483

The CVE concerns text-generation-webui, an open-source web interface for running Large Language Models. A path traversal vulnerability existed in load_template() before version 4.3 that allowed reading files on the server filesystem with .jinja, .jinja2, .yaml, or .yml extensions without authenti...

5.3 CVSS | 5.9 AI score | 0.00325 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2026/04/07 12:0 a.m. | 6 views

Text Generation Web UI path traversal vulnerability

Text Generation Web UI is a local AI UI developed by the individual developer oobabooga. Versions of Text Generation Web UI prior to 4.3 contained a path traversal vulnerability. This vulnerability stemmed from an unauthenticated path traversal vulnerability in the load_template function,...

5.3 CVSS | 5.8 AI score | 0.00325 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2026/03/26 11:26 p.m. | 5 views

CVE-2026-33897

A flaw was found in Incus, a system container and virtual machine manager. An attacker with control over instance template files can exploit a vulnerability in the pongo2 templating engine. This flaw allows for arbitrary read or write operations as the root user on the host server by bypassing th...

9.9 CVSS | 5.9 AI score | 0.00481 EPSS
Exploits: 0 | References: 4
Debian CVE
added 2026/03/26 10:43 p.m. | 6 views

CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

9.9 CVSS | 5.5 AI score | 0.00481 EPSS
Exploits: 0
CNNVD
added 2026/03/26 12:0 a.m. | 4 views

Incus security vulnerability

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 6.23.0 contained security vulnerabilities. These vulnerabilities stemmed from the pongo2 template in instance template files, which bypassed the chroot isolation mechanism, potentially allowing...

9.9 CVSS | 5.9 AI score | 0.00481 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2026/02/20 1:22 a.m. | 4 views

CVE-2026-27181

MajorDoMo aka Major Domestic Module allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr('mode') from $_REQUEST and assigns it to $this->mode at the start of execution, making all mode-gated code paths reachable without...

8.7 CVSS | 5.8 AI score | 0.00708 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2026/02/18 12:0 a.m. | 5 views

PT-2026-20517

MajorDoMo aka Major Domestic Module allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr('mode') from $_REQUEST and assigns it to $this->mode at the start of execution, making all mode-gated code paths reachable without...

8.7 CVSS | 5.8 AI score | 0.00708 EPSS
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2000-0525

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.01616 EPSS
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-4971

Malware in sbrugna...

8.8 CVSS | 8.5 AI score | 0.02842 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-11154

Malware in sbrugna...

6.1 CVSS | 6.3 AI score | 0.00838 EPSS
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-15862

Malware in sbrugna...

6.1 CVSS | 6.3 AI score | 0.00637 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-0022

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.00781 EPSS
Exploits: 1 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-5679

Malicious code in bioql PyPI...

6.1 CVSS | 6.2 AI score | 0.00844 EPSS
Exploits: 1 | References: 4
CNNVD
added 2025/04/23 12:0 a.m. | 1 views

CODESYS Visualization security vulnerability

CODESYS Visualization is a functional module from CODESYS, Germany, that turns the running state of a program into a visual interface. A security vulnerability exists in CODESYS Visualization, which stems from the fact that user administration can be bypassed, which could result in reading...

5.3 CVSS | 6.7 AI score | 0.00369 EPSS
Exploits: 0 | References: 1
NVD
added 2024/10/29 1:15 p.m. | 22 views

CVE-2024-7962

An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except f...

7.5 CVSS | 0.00781 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2024/10/29 12:47 p.m. | 15 views

CVE-2024-7962 Arbitrary File Read via Insufficient Validation in gaizhenbiao/chuanhuchatgpt

An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except f...

7.5 CVSS | 6.9 AI score | 0.00781 EPSS
Exploits: 1 | References: 2
Cvelist
added 2024/10/29 12:47 p.m. | 26 views

CVE-2024-7962 Arbitrary File Read via Insufficient Validation in gaizhenbiao/chuanhuchatgpt

An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except f...

7.5 CVSS | 0.00781 EPSS
Exploits: 1 | References: 2