CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16799 matches found

EUVD•added 2026/04/16 6:31 a.m.•2 views

EUVD-2026-23175

Eaton Intelligent Power Protector IPP software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton download centre...

6.5CVSS5.7AI score0.00319EPSS

Exploits0References2

ATTACKERKB•added 2026/04/16 4:54 a.m.•1 views

CVE-2026-22616

6.5CVSS5.7AI score0.00319EPSS

Exploits0References2

OSV•added 2026/04/16 1:16 a.m.•3 views

UBUNTU-CVE-2026-40960

Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...

8.1CVSS5.8AI score0.00171EPSS

Exploits0References6

Github Security Blog•added 2026/04/16 1:2 a.m.•7 views

Froxlor has Local File Inclusion via path traversal in API `def_language` parameter leads to Remote Code Execution

Summary The Froxlor API endpoint Customers.update and Admins.update does not validate the deflanguage parameter against the list of available language files. An authenticated customer can set deflanguage to a path traversal payload e.g., ../../../../../var/customers/webs/customer1/evil, which is...

9.9CVSS6.4AI score0.00524EPSS

Exploits1References5Affected Software1

NVD•added 2026/04/16 12:16 a.m.•2 views

CVE-2026-5363

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...

8.8CVSS0.00091EPSS

Exploits0References1

UbuntuCve•added 2026/04/16 12:0 a.m.•2 views

CVE-2026-40960

8.1CVSS5.8AI score0.00171EPSS

Exploits0References4

ATTACKERKB•added 2026/04/15 11:45 p.m.•2 views

CVE-2026-5363

6CVSS5.8AI score0.00091EPSS

Exploits0References2

CVE•added 2026/04/15 7:38 p.m.•9 views

CVE-2026-39857

CVE-2026-39857 – ApostropheCMS (Node.js) : Versions 4.28.0 and earlier contain an authorization bypass in the REST API (choices and counts query parameters) where MongoDB distinct() is used in a way that ignores publicApiProjection restrictions. This allows an unauthenticated attacker to retrieve...

5.3CVSS5.8AI score0.00435EPSS

Exploits1References2Affected Software1

EUVD•added 2026/04/15 6:31 p.m.•1 views

EUVD-2026-22953

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerabili...

4.7CVSS5.8AI score0.00202EPSS

Exploits0References2

EUVD•added 2026/04/15 6:31 p.m.•3 views

EUVD-2026-22958

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting XSS attack or a reflected XSS attack against a user of the web-based...

4.8CVSS5.8AI score0.00173EPSS

Exploits0References2

EUVD•added 2026/04/15 6:31 p.m.•2 views

EUVD-2026-22955

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This...

4.3CVSS6AI score0.00228EPSS

Exploits0References2

EUVD•added 2026/04/15 6:31 p.m.•2 views

EUVD-2026-22951

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate...

6.1CVSS6.1AI score0.00193EPSS

Exploits0References2

NVD•added 2026/04/15 5:17 p.m.•6 views

CVE-2026-20060

4.7CVSS0.00202EPSS

Exploits0References1

NVD•added 2026/04/15 5:17 p.m.•2 views

CVE-2026-20132

4.8CVSS0.00173EPSS

Exploits0References1

NVD•added 2026/04/15 5:17 p.m.•3 views

CVE-2026-20059

6.1CVSS0.00193EPSS

Exploits0References1

NVD•added 2026/04/15 5:17 p.m.•4 views

CVE-2026-20061

6.5CVSS0.00228EPSS

Exploits0References1

CVE•added 2026/04/15 4:11 p.m.•14 views

CVE-2026-20059

Cisco Unity Connection’s web-based management interface is affected by a reflected XSS vulnerability (CVE-2026-20059). An unauthenticated, remote attacker can lure a user to click a crafted link, exploiting insufficient input validation to execute arbitrary script in the user’s browser or access ...

6.1CVSS6.1AI score0.00193EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/04/15 4:11 p.m.•1 views

CVE-2026-20059

6.1CVSS6.1AI score0.00193EPSS

Exploits0References2Affected Software1

CVE•added 2026/04/15 4:11 p.m.•10 views

CVE-2026-20060

CVE-2026-20060 affects Cisco Unity Connection’s web-based management interface. It is a open-redirect vulnerability caused by improper input validation of HTTP request parameters, enabling an unauthenticated, remote attacker to persuade a user to click a crafted link and be redirected to a malici...

4.7CVSS5.8AI score0.00202EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/04/15 4:11 p.m.•16 views

CVE-2026-20060 Cisco Unity Connection Open Redirect Vulnerability

4.7CVSS0.00202EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by