CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

260 matches found

Positive Technologies•added 2026/05/22 12:0 a.m.•9 views

PT-2026-42725

Name of the Vulnerable Software and Affected Versions ZTE MU5250 affected versions not specified Description An information disclosure issue exists due to improper configuration of the access control mechanism, which allows attackers to obtain information without authorization. Recommendations At...

7.5CVSS5.4AI score0.00047EPSS

Exploits0References6

F5 Networks•added 2026/05/13 1:30 p.m.•11 views

K000156734: BIG-IP Configuration utility vulnerability CVE-2026-40699

Security Advisory Description A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed sensitive information. CVE-2026-40699 Impact This vulnerability may allow a low-privileged authenticated...

7.1CVSS5.7AI score0.00072EPSS

Exploits0Affected Software11

RedhatCVE•added 2026/04/03 3:6 p.m.•3 views

CVE-2026-35543

A flaw was found in Roundcube Webmail. A remote attacker could bypass the remote image blocking feature by sending a specially crafted email that includes Scalable Vector Graphics SVG content with animation attributes. This vulnerability may lead to unauthorized information disclosure or an...

5.3CVSS5.9AI score0.00015EPSS

Exploits0References2

Vulnrichment•added 2026/04/01 4:29 p.m.•2 views

CVE-2026-20155 Cisco Evolved Programmable Network Manager Improper Authorization Vulnerability

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to access. This vulnerability is due to improper authorization...

8CVSS5.9AI score0.00134EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 3:13 p.m.•2 views

CVE-2025-40841

Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Request Forgery CSRF vulnerability which, if exploited, can lead to unauthorized modification of certain information...

5.1CVSS5.8AI score0.00018EPSS

Exploits0References1

NVD•added 2026/03/25 2:16 p.m.•3 views

CVE-2025-27260

Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information...

7.5CVSS0.00039EPSS

Exploits0References2

ATTACKERKB•added 2026/03/13 9:10 p.m.•2 views

CVE-2026-26133

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network...

7.1CVSS5.8AI score0.00054EPSS

Exploits0References2Affected Software20

Positive Technologies•added 2026/02/23 12:0 a.m.•5 views

PT-2026-21527

Name of the Vulnerable Software and Affected Versions ZIA affected versions not specified Description An issue exists in the ZIA Admin UI related to the improper handling of user-supplied input. This could allow an authenticated administrator to potentially access or retrieve unauthorized interna...

5.5CVSS5.2AI score0.00074EPSS

Exploits0References4

Patchstack•added 2025/12/12 11:53 p.m.•9 views

WordPress rtMedia for WordPress, BuddyPress and bbPress plugin 4.7.0-4.7.3 - Missing Authorization to Unauthenticated Information Disclosure

Missing Authorization to Unauthenticated Information Disclosure vulnerability discovered by kr0d in WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress versions 4.7.0-4.7.3...

3.7CVSS6.4AI score0.00049EPSS

Exploits0Affected Software1