CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

57 matches found

SUSE CVE•added 2026/04/14 8:47 a.m.•3 views

SUSE CVE-2025-14821

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an...

7.8CVSS5.7AI score0.00013EPSS

Exploits0References3

EUVD•added 2026/04/07 6:31 p.m.•1 views

EUVD-2025-209270

7.8CVSS6.5AI score0.00013EPSS

Exploits0References4

Cvelist•added 2026/04/07 4:34 p.m.•16 views

CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows

7.8CVSS0.00013EPSS

Exploits0References4

CVE•added 2026/04/07 4:34 p.m.•15 views

CVE-2025-14821

CVE-2025-14821 concerns the libssh library. Multiple connected records describe a flaw where an insecure Windows default configuration causes libssh to load configuration files from C:\etc, which can be created or modified by unprivileged local users. This enables local man-in-the-middle attacks,...

7.8CVSS6.5AI score0.00013EPSS

Exploits0References4Affected Software2

Positive Technologies•added 2026/04/07 12:0 a.m.•0 views

PT-2026-30900

Name of the Vulnerable Software and Affected Versions libssh affected versions not specified Description A flaw exists in libssh that allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information. This poses a risk to the...

7.8CVSS6.2AI score0.00013EPSS

Exploits0References8

UbuntuCve•added 2026/03/18 6:16 p.m.•1 views

CVE-2026-32632

Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...

5.9CVSS5.8AI score0.00028EPSS

Exploits1References4

Vulnrichment•added 2026/03/18 5:47 p.m.•2 views

CVE-2026-32632 Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding

5.9CVSS5.8AI score0.00028EPSS

Exploits1References3

OSV•added 2026/03/16 4:34 p.m.•5 views

GHSA-HHCG-R27J-FHV9 Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding

Summary Glances recently added DNS rebinding protection for the MCP endpoint, but the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent host allowlist. As a result, the REST API, WebUI, and token endpoint remain...

5.9CVSS5.9AI score0.00028EPSS

Exploits1References5

Github Security Blog•added 2026/03/16 4:34 p.m.•5 views

Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding

5.9CVSS5.9AI score0.00028EPSS

Exploits1References5Affected Software1

RedhatCVE•added 2026/02/10 7:15 p.m.•1 views

CVE-2025-14821

7.8CVSS5AI score0.00013EPSS

Exploits0References3

CNNVD•added 2026/02/10 12:0 a.m.•2 views

libssh 代码问题漏洞

libssh is a C-language development package from the libssh organization that allows access to SSH services. It can execute remote commands, perform file transfers, and provide a secure transmission channel for remote programs. libssh has code vulnerabilities, which stem from insecure default...

7.8CVSS6.7AI score0.00013EPSS

Exploits0References5

NVD•added 2026/01/21 11:15 p.m.•2 views

CVE-2026-24048

Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the FetchUrlReader component, used by the catalog and other...

3.7CVSS0.00038EPSS

Exploits0References2

Positive Technologies•added 2026/01/01 12:0 a.m.•1 views

PT-2026-25819

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.2 Description Glances, a system cross-platform monitoring tool, had insufficient host validation in its main REST/WebUI FastAPI application prior to version 4.5.2. This allowed the REST API, WebUI, and token...

5.9CVSS5.7AI score0.00028EPSS

Exploits1References25

RedhatCVE•added 2025/11/19 5:20 p.m.•1 views

CVE-2025-54821

An Improper Privilege Management vulnerability CWE-269 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3...

6CVSS6.6AI score0.00013EPSS

Exploits0References1

NCSC•added 2025/11/19 8:35 a.m.•7 views

Vulnerabilities fixed in Fortinet FortiOS

Fortinet has fixed vulnerabilities in FortiOS multiple versions. The vulnerabilities include a stack-based buffer overflow that allows attackers to execute unauthorized code or commands by sending specially crafted packets. A specific vulnerability in the FortiOS CAPWAP daemon allows a remote,...

7.5CVSS7.8AI score0.00013EPSS

Exploits0References3

OSV•added 2025/11/18 5:16 p.m.•1 views

CVE-2025-54821

6CVSS5.8AI score

Exploits0References1

NVD•added 2025/11/18 5:16 p.m.•2 views

CVE-2025-54821

6CVSS0.00013EPSS

Exploits0References1

EUVD•added 2025/11/18 5:1 p.m.•2 views

EUVD-2025-198008

An Improper Privilege Management vulnerability CWE-269 in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions,...

1.9CVSS6.2AI score0.00013EPSS

Exploits0References2

Vulnrichment•added 2025/11/18 5:1 p.m.•2 views

CVE-2025-54821

1.9CVSS6.1AI score0.00013EPSS

Exploits0References1

Cvelist•added 2025/11/18 5:1 p.m.•5 views

CVE-2025-54821

1.9CVSS0.00013EPSS

Exploits0References1

Rows per page