CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

78 matches found

iTop Hub Connector - Information Disclosure

Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info name, version and parameters can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. id: CVE-2024-32870 info: name: iTop Hub...

5.8CVSS7.1AI score0.00731EPSS

Exploits0References3

Positive Technologies•added 2026/06/11 12:0 a.m.•9 views

PT-2026-48651

Name of the Vulnerable Software and Affected Versions GitLab EE versions 13.9 through 18.10.7 GitLab EE versions 18.11 through 18.11.4 GitLab EE versions 19.0 through 19.0.1 Description Incorrect authorization enforcement allows an authenticated user with Security Manager-role permissions to mana...

4.3CVSS5.2AI score0.00182EPSS

Exploits0References6

EUVD•added 2026/05/08 1:19 p.m.•9 views

EUVD-2026-28594

PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase,...

9.8CVSS5.8AI score0.00347EPSS

Exploits2References1

NVD•added 2026/03/31 6:16 p.m.•2 views

CVE-2026-33185

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the group email settings test endpoint could be used to make the server initiate outbound connections to arbitrary hosts a...

5.3CVSS0.0018EPSS

Exploits0References2

Positive Technologies•added 2026/03/31 12:0 a.m.•5 views

PT-2026-29319

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were n...

5.1CVSS5.7AI score0.00188EPSS

Exploits0References6

SUSE CVE•added 2026/03/05 6:55 a.m.•2 views

SUSE CVE-2025-64175

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs' 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim's username and password, they can use any unused recovery code e.g., from their own account to...

8.8CVSS5.8AI score0.00424EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 9:25 a.m.•6 views

CVE-2023-4919

The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, ...

6.4CVSS5.7AI score0.00519EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 8:44 a.m.•10 views

CVE-2022-23622

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting XSS vector in the registerinline.vm template related to the xredirect hidden field. This template is only used in the following conditions:...

7.4CVSS5.5AI score0.00992EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2021-0369

Malware in sbrugna...

7.7CVSS5.8AI score0.0016EPSS

Exploits0References9

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-1505

Malware in sbrugna...

9CVSS6.9AI score0.01971EPSS

Exploits0References7