Lucene search
+L

288 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-45181

A cross-site scripting XSS vulnerability in Proxmox Virtual Environment PVE 9.x 5.1.8 and Proxmox Virtual Environment PVE 8.x 4.3.16 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

6.1CVSS5.3AI score
Exploits0References2
NVD
NVD
added yesterday8 views

CVE-2026-51081

A cross-site scripting XSS vulnerability in Proxmox Virtual Environment PVE 9.x 5.1.8 and Proxmox Virtual Environment PVE 8.x 4.3.16 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

6.1CVSS
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-51083

Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...

6.5CVSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60774

Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...

5.3AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday5 views

CVE-2026-51083

Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...

5.3AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday6 views

CVE-2026-51081

A cross-site scripting XSS vulnerability in Proxmox Virtual Environment PVE 9.x 5.1.8 and Proxmox Virtual Environment PVE 8.x 4.3.16 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.4AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-60773

A race condition between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment PVE 9.x pve-manager 9.1.x before 9.1.9 and 8.4.x before 8.4.19; qemu-server 9.1.x before 9.1.7 and 8.4.x before 8.4.7; and pve-container 6.1.x before 6.1.3 and 5.3.x before 5.3.4 allows an attacker wit...

5.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday12 views

PT-2026-60772

A cross-site scripting XSS vulnerability in Proxmox Virtual Environment PVE 9.x 5.1.8 and Proxmox Virtual Environment PVE 8.x 4.3.16 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.3AI score
Exploits0References1
Cvelist
Cvelist
added yesterday34 views

CVE-2026-51083

Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...

Exploits0References1
Cvelist
Cvelist
added yesterday33 views

CVE-2026-51082

A race condition between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment PVE 9.x pve-manager before 9.1.9 and 8.x before 8.4.19; qemu-server 9.x before 9.1.7 and 8.x before 8.4.7; and pve-container before 6.1.3 PVE 9.x and before 5.3.4 PVE 8.x allows an attacker with...

Exploits0References1
Cvelist
Cvelist
added yesterday28 views

CVE-2026-51081

A cross-site scripting XSS vulnerability in Proxmox Virtual Environment PVE 9.x 5.1.8 and Proxmox Virtual Environment PVE 8.x 4.3.16 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-51083

Proxmox VE is affected: incorrect access control in Proxmox Virtual Environment (PVE) 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users with limited privileges to obtain hashed passwords via the cloudinit/dump API. The root cause is an access-control issue in the cloudinit/dump endpo...

6.5CVSS5.3AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/02/15 5:55 a.m.155 views

ExploitReaper

Exploit Reaper...

5.5AI score
Exploits0
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.9 views

Terraform / OpenTofu Provider for Proxmox VE 安全漏洞

Terraform/OpenTofu Provider for Proxmox VE is a software developed by Pavel Boldyrev. Versions of Terraform/OpenTofu Provider for Proxmox VE prior to 0.93.1 contained security vulnerabilities. These vulnerabilities stemmed from insecure sudoer lines in the SSH configuration files, which could lea...

8.7CVSS7.1AI score0.00431EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.5 views

Astra Linux – Vulnerability in Python 3.11

A vulnerability has been identified in the CPython venv module and CLI. This vulnerability arises from improper quoting of path names when creating a virtual environment. As a result, attackers can inject commands into the virtual environment “activation” scripts e.g., using “source...

7.8CVSS6.7AI score0.00647EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/01/13 6:45 p.m.11 views

virtualenv Has TOCTOU Vulnerabilities in Directory Creation

Impact TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's appdat...

4.5CVSS6.4AI score0.00085EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.3 views

MiracleLinux 7 : python3-3.6.8-21.0.3.el7.AXS7 (AXSA:2025-9726:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9726:01 advisory. - CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts CVEs: CVE-2024-9287 A vulnerability has been...

7.8CVSS6.8AI score0.00647EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:46 a.m.8 views

CVE-2022-31358

A reflected cross-site scripting XSS vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/...

9CVSS5.9AI score0.01273EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.9 views

CVE-2022-35508

Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG are vulnerable to SSRF when proxying HTTP requests between pvepmgproxy and pvepmgdaemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox...

9.8CVSS7AI score0.01175EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:39 a.m.28 views

CVE-2022-35507

A response-header CRLF injection vulnerability in the Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...

7.1CVSS7AI score0.0138EPSS
Exploits1References1
Rows per page
Query Builder