86 matches found

Veracode
added 2026/05/14 6:8 p.m. | 8 views

Use Of Hard-coded Credentials

GoHarbor Harbor is vulnerable to Use of Hard-coded Credentials. The vulnerability is due to the presence of default hard-coded credentials in the application, which allows an attacker to gain unauthorized access to the web UI using known passwords...

9.4 CVSS | 6.9 AI score | 0.00063 EPSS
Exploits 0 | References 5 | Affected Software 1

ATTACKERKB
added 2026/03/12 8:6 p.m. | 1 views

CVE-2026-3611

The Honeywell IQ4x building management controller exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest level 100 context, granting read/write...

10 CVSS | 5.8 AI score | 0.00242 EPSS
Exploits 1 | References 4 | Affected Software 7

Tenable Nessus
added 2026/03/04 12:0 a.m. | 2 views

Hitachi Energy RTU500 Product Improper Handling of Insufficient Permissions or Privileges (CVE-2026-1772)

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges. This plugin only works with Tenable.ot...

5.3 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits 0 | References 3

Vulnrichment
added 2026/02/12 4:22 p.m. | 5 views

CVE-2025-55210 FreePBX API has a Privilege Escalation Error in GraphQL Allowing Authenticated Users to Access Additional Scopes

FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, the FreePBX module api (PBX API) is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerability allows an attacker to forge a valid JWT wit...

2 CVSS | 5.6 AI score | 0.00056 EPSS
Exploits 0 | References 4

RedhatCVE
added 2026/01/27 3:23 p.m. | 1 views

CVE-2016-15057

UNSUPPORTED WHEN ASSIGNED: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installation's REST API can use this to invoke arbitrary commands on the...

9.9 CVSS | 5.9 AI score | 0.31155 EPSS
Exploits 0 | References 1

CVE
added 2026/01/26 10:5 a.m. | 6 views

CVE-2025-59101

CVE-2025-59101 affects the dormakaba access manager web interface. The authentication model relies on per-request IP verification after a successful login, with no traditional session state stored. This enables an attacker to spoof a logged-in user’s IP to gain access, as there is no persistent s...

7.7 CVSS | 5.9 AI score | 0.00038 EPSS
Exploits 0 | References 3

RedhatCVE
added 2025/12/23 6:29 a.m. | 4 views

CVE-2025-12049

Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Versions allows an attacker to access the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the...

9.2 CVSS | 7 AI score | 0.00057 EPSS
Exploits 0 | References 1

NVD
added 2025/12/22 5:16 a.m. | 3 views

CVE-2025-12049

Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Versions allows an attacker to access the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the...

9.8 CVSS | 0.00057 EPSS
Exploits 0 | References 1

Cvelist
added 2025/10/21 12:23 a.m. | 5 views

CVE-2025-6542 OS command injection in multiple parameters

An arbitrary OS command may be executed on the product by a remote unauthenticated attacker...

9.3 CVSS | 0.00146 EPSS
Exploits 0 | References 4

VulnCheck KEV
added 2025/10/17 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2024-20419

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process...

10 CVSS | 5.8 AI score | 0.91469 EPSS
In wild | Exploits 3 | References 179

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2016-7993

Malware in sbrugna...

9 CVSS | 9.1 AI score | 0.00591 EPSS
Exploits 0 | References 6

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2015-6515

Malware in sbrugna...

8.8 CVSS | 8.6 AI score | 0.02273 EPSS
Exploits 0 | References 6

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-19514

Malware in sbrugna...

8.8 CVSS | 8.8 AI score | 0.006 EPSS
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-8035

Malware in sbrugna...

9.8 CVSS | 9.5 AI score | 0.00555 EPSS
Exploits 0 | References 6

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-8670

Malware in sbrugna...

9 CVSS | 7 AI score | 0.00969 EPSS
Exploits 1 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-22718

Malicious code in bioql PyPI...

6 CVSS | 6.6 AI score | 0.00134 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-32294

Malicious code in bioql PyPI...

8.8 CVSS | 8.6 AI score | 0.01098 EPSS
Exploits 1 | References 2

RedhatCVE
added 2025/07/24 10:30 p.m. | 3 views

CVE-2025-41425

DuraComm SPM-500 DP-10iN-100-MU is vulnerable to a cross-site scripting attack. This could allow an attacker to prevent legitimate users from accessing the web interface...

8.1 CVSS | 6.5 AI score | 0.00258 EPSS
Exploits 0 | References 1

NVD
added 2025/07/15 1:15 p.m. | 2 views

CVE-2025-34115

An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmdstr' parameter in the commandtest.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web...

8.7 CVSS | 0.70724 EPSS
Exploits 0 | References 4

Vulnrichment
added 2025/06/09 10:5 p.m. | 1 views

CVE-2025-30184 CyberData 011209 SIP Emergency Intercom Authentication Bypass Using an Alternate Path or Channel

CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path...

9.8 CVSS | 9.6 AI score | 0.00711 EPSS
Exploits 0 | References 1