161 matches found
Kirby CMS's system API endpoint leaks installed version and license data to authenticated users
TL;DR: This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. Introduction: Missing authorization allows authenticated users to perform actions they are not intended to have access to. The effects of missing authorization can...
EUVD-2026-11478
A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. The affected code is the function server.tool in the file index.js of the component Tshark CLI Command Handler. Manipulation results in OS command injection. The attack must be carried out locally. The explo...
CVE-2026-3813
opencc JFlow contains a vulnerability CVE-2026-3813 affecting the function Calculate in src/main/java/bp/wf/httphandler/WF_CCForm.java. The issue enables injection and can be triggered remotely; an exploit is publicly available. The project uses a rolling release model and does not disclose affec...
CVE-2026-22645
CVE-2026-22645 is linked to SICK’s product stack, with related documentation noting vulnerabilities in Grafana that affect only the administrative log-management UI and not the Incoming Goods Suite UI. The public descriptions identify that the application discloses components, versions, and licen...
EUVD-2026-2804
The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components...
CVE-2025-66205
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2...
CVE-2025-61959
The CVE-2025-61959 entry concerns Vertikal Systems’ Hospital Manager Backend Services. Connected sources confirm concrete details: prior to 19 Sep 2025, the product exposed a live ASP.NET tracing endpoint (/trace.axd) without authentication, enabling remote attackers to harvest request metadata, ...
CVE-2025-62524
PILOS (Frontend for BigBlueButton) before version 4.8.0 disclosed PHP version information via the X-Powered-By header, enabling server fingerprinting. The vulnerability originates from the base PHP image and can also be inferred from the PILOS footer or GitHub source. It has been patched in PILOS...
EUVD-2021-25391
Malware in sbrugna...
EUVD-2021-25393
Malware in sbrugna...
EUVD-2006-5015
Malware in sbrugna...
EUVD-2010-2991
Malware in sbrugna...
EUVD-2024-50125
Malicious code in bioql PyPI...
EUVD-2024-50047
Malicious code in bioql PyPI...
EUVD-2023-58114
Malicious code in bioql PyPI...
EUVD-2022-3974
Malicious code in bioql PyPI...
EUVD-2023-29496
Malicious code in bioql PyPI...
EUVD-2025-27088
Malicious code in bioql PyPI...
EUVD-2025-14353
Malicious code in bioql PyPI...