
30 matches found

CNNVD
added 2026/04/24 12:0 a.m. | 5 views

Kata Containers Security Vulnerability

Kata Containers is an open-source, lightweight virtual infrastructure building tool developed by the Kata Containers community. Versions 3.4.0 to 3.28.0 of Kata Containers contain security vulnerabilities. These vulnerabilities stem from improper handling of the CopyFile strategy, which may allow...

CVSS 8.2 | AI score 5.9 | EPSS 0.00074
Exploits 0 | References 1
Tenable Nessus
added 2026/03/09 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2026-23925

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to...

CVSS 5.1 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 3
SUSE CVE
added 2026/03/07 12:26 a.m. | 0 views

SUSE CVE-2026-23925

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

CVSS 5.1 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 3
EUVD
added 2026/03/06 9:31 a.m. | 4 views

EUVD-2026-10026

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

CVSS 5.1 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 2
RedhatCVE
added 2026/03/06 9:16 a.m. | 2 views

CVE-2026-23925

A flaw was found in Zabbix. An authenticated user with the 'User' role, who also possesses write permissions for templates or hosts, can exploit the configuration.import API. This allows them to create unauthorized objects, such as hosts, which can lead to a loss of confidentiality within the...

CVSS 7.6 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 4
OSV
added 2026/03/06 9:15 a.m. | 1 views

DEBIAN-CVE-2026-23925

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

CVSS 5.1 | AI score 5.3 | EPSS 0.00016
Exploits 0 | References 1
NVD
added 2026/03/06 9:15 a.m. | 7 views

CVE-2026-23925

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

CVSS 5.1 | EPSS 0.00016
Exploits 0 | References 1
OSV
added 2026/03/06 9:15 a.m. | 2 views

UBUNTU-CVE-2026-23925

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

CVSS 5.1 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 3
ATTACKERKB
added 2026/03/06 8:24 a.m. | 3 views

CVE-2026-23925

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

CVSS 5.1 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2026/03/06 8:24 a.m. | 25 views

CVE-2026-23925 Unauthorized host creation via configuration.import API by low-privilege user with write permissions

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

CVSS 5.1 | EPSS 0.00016
Exploits 0 | References 1
Debian CVE
added 2026/03/06 8:24 a.m. | 5 views

CVE-2026-23925

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

CVSS 5.1 | AI score 5.3 | EPSS 0.00016
Exploits 0
Positive Technologies
added 2026/03/06 12:0 a.m. | 3 views

PT-2026-23666

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

CVSS 5.1 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 2
NVD
added 2026/02/26 1:16 a.m. | 6 views

CVE-2026-27829

Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing image.domains / image.remotePatterns restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an inferSize option that fetches remote images at rend...

CVSS 7.2 | EPSS 0.00076
Exploits 1 | References 2
OSV
added 2026/02/26 12:36 a.m. | 3 views

CVE-2026-27829 Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize

Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing image.domains / image.remotePatterns restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an inferSize option that fetches remote images at rend...

CVSS 6.5 | AI score 5.9 | EPSS 0.00076
Exploits 1 | References 4
CNNVD
added 2026/02/12 12:0 a.m. | 4 views

lavinmq Security Vulnerability

LavinMQ is an open-source message queue and streaming media server developed by CloudAMQP. Prior to LavinMQ 2.6.8, there were security vulnerabilities. These vulnerabilities stemmed from the ability of authenticated users with the Policymaker tag to bypass access controls, allowing them to create...

CVSS 8.6 | AI score 5.8 | EPSS 0.00041
Exploits 0 | References 5
Veracode
added 2024/09/25 7:15 a.m. | 8 views

Authentication Bypass

GateOne is vulnerable to Authentication Bypass. The vulnerability is due to a flaw in the origin verification mechanism, allowing attackers to bypass the origins list check and connect to Gate One instances from unauthorized hosts...

CVSS 5.3 | AI score 6.6 | EPSS 0.00214
Exploits 1 | References 4 | Affected Software 1
SUSE CVE
added 2023/02/15 6:6 a.m. | 2 views

SUSE CVE-2008-5339

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka...

CVSS 5 | AI score 6.8 | EPSS 0.01328
Exploits 1 | References 8
Cvelist
added 2021/10/27 6:56 p.m. | 22 views

CVE-2021-34787 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Identity-Based Rule Bypass Vulnerability

A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections. This vulnerability is due to improper...

CVSS 5.3 | AI score 5.7 | EPSS 0.01152
Exploits 0 | References 1
CNNVD
added 2021/10/27 12:0 a.m. | 1 views

Cisco Firepower Threat Defense Security Vulnerability

Cisco Firepower Threat Defense (FTD) is a suite of unified software from Cisco that provides next-generation firewall services. A security vulnerability exists in Cisco Firepower Threat Defense (FTD) and Cisco Adaptive Security Appliances Software (ASA Software) that stems from invalid access control. ...

CVSS 5.3 | AI score 5.9 | EPSS 0.00683
Exploits 0 | References 6
UbuntuCve
added 2010/04/01 9:30 p.m. | 38 views

CVE-2010-1224

main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow...

CVSS 4.3 | AI score 5.9 | EPSS 0.01
Exploits 0 | References 2