14 matches found
EUVD-2019-2666
Malware in sbrugna...
EUVD-2005-1203
Malware in sbrugna...
EUVD-2024-39994
Malicious code in bioql PyPI...
EUVD-2023-32790
Malicious code in bioql PyPI...
CVE-2022-25211
A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials...
CVE-2020-23828
A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses...
CVE-2016-1000271
Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar=raw0=SQLi=events". This attack appears to be exploitable if the attacker can reach the web server...
CVE-2024-42168
HCL MyXalytics is affected by an out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content...
CVE-2024-3497 Directory Traversal Remote Code Execution Vulnerability
Path traversal vulnerability in the web server of the Toshiba printer enables an attacker to overwrite original files or add new ones to the printer. As for the affected products/models/versions, see the reference URL...
curl: Incorrect handling of control code characters in cookies
A vulnerability was found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTPS server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTPS server, possibly...
CVE-2021-22773
A CWE-620: Unverified Password Change vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker...
PT-2013-1865 · Specview · Specview
Name of the Vulnerable Software and Affected Versions: SpecView versions 2.5 build 853 and earlier Description: A directory traversal issue in the web server allows remote attackers to read arbitrary files via a series of dots in a URI. Recommendations: For versions 2.5 build 853 and earlier,...
Site of Dutch CA Gemnet Offline After Web Server Attack
Another certificate authority in The Netherlands has been hacked, though this time the attack does not appear to have affected the certificate-issuing operations of Gemnet, a subsidiary of KPN. The company, which does business with the Dutch government among other organizations, said it has taken...
CVE-1999-0412
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension...