CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

226 matches found

EUVD•added 2026/03/12 9:34 p.m.•3 views

EUVD-2026-11706

The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest level 100 context, granting read/write...

10CVSS5.8AI score0.05585EPSS

Exploits1References4

CVE•added 2026/02/01 12:15 p.m.•14 views

CVE-2021-47917

CVE-2021-47917 affects Simple CMS 2.1. It describes a persistent cross-site scripting (XSS) vulnerability in user input parameters that attackers can inject via the newUser and editUser modules. The injected scripts can execute on the user list preview, potentially leading to session hijacking an...

6.4CVSS5.9AI score0.00289EPSS

Exploits1References3Affected Software1

Positive Technologies•added 2026/02/01 12:0 a.m.•7 views

PT-2026-5562

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...

6.4CVSS5.9AI score0.00289EPSS

Exploits1References4

RedhatCVE•added 2026/01/09 12:36 p.m.•7 views

CVE-2023-49244

Permission management vulnerability in the multi-user module. Successful exploitation of this vulnerability may affect service confidentiality...

7.5CVSS7AI score0.00443EPSS

Exploits0References1

Snyk•added 2025/12/04 12:31 p.m.•2 views

Insertion of Sensitive Information into Log File

Overview ansible is a simple IT automation system. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the community.general.keycloakuser module due to exposing the credentials.value field in verbose output. An attacker can obtain sensitive...

6.8CVSS6.8AI score0.00115EPSS

Exploits0References2

Veracode•added 2025/11/20 11:5 a.m.•5 views

Remote Code Execution (RCE)

Dolibarr is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of the computed field parameter in the User module configuration, which allows an attacker to inject malicious input and execute arbitrary code...

8.8CVSS7.6AI score0.00483EPSS

Exploits0References4Affected Software1

EUVD•added 2025/11/10 3:31 p.m.•4 views

EUVD-2025-44060

Cross-Site Request Forgery CSRF in SourceCodester Product Expiry Management System. The User Management module delete-user.php allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF...

6.6AI score0.00182EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2018-0017

Malware in sbrugna...

7.8CVSS7.7AI score0.00354EPSS

Exploits0References30

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2017-0002

Malware in sbrugna...

8.8CVSS8.6AI score0.02498EPSS

Exploits0References6