CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/04/03 12:0 a.m.•7 views

ZimaOS 代码问题漏洞

ZimaOS is an open-source operating system project by IceWhaleTech, aimed at providing a lightweight, high-performance, and secure operating environment. Versions of ZimaOS prior to 1.5.3 had code vulnerabilities. These vulnerabilities stemmed from the exposed proxy endpoints in the web interface,...

10CVSS5.9AI score0.00387EPSS

Exploits1References2

Positive Technologies•added 2026/04/03 12:0 a.m.•6 views

PT-2026-30261

Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such a...

7.1CVSS5.9AI score0.00237EPSS

EUVD•added 2026/04/02 9:32 p.m.•4 views

EUVD-2024-55531

Hirschmann Industrial IT products contain a heap overflow vulnerability in the HiLCOS web interface that allows unauthenticated remote attackers to trigger a denial-of-service condition by sending specially crafted requests to the web interface. Attackers can exploit this heap overflow to crash t...

8.7CVSS6AI score0.0043EPSS

EUVD•added 2026/04/02 9:32 p.m.•3 views

EUVD-2025-209199

HiOS Switch Platform contains a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an uncontrolled reboot condition through crafted HTTP requests to...

9.2CVSS6AI score0.00511EPSS

NVD•added 2026/04/02 9:16 p.m.•3 views

CVE-2025-15620

HiOS Switch Platform versions 09.1.00 through 09.4.04 and 10.0.00 through 10.3.00 contain a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending a malicious HTTP GET request to a specific endpoint. Attackers can trigger an...

9.2CVSS0.00511EPSS

NVD•added 2026/04/02 9:16 p.m.•3 views

CVE-2024-14033

Hirschmann EagleSDV firmware prior to 05.4.02 contains a denial-of-service vulnerability in TLS session establishment. Attackers can crash the device during TLS handshake by exploiting protocol downgrades to TLS 1.0 or TLS 1.1, interrupting service availability...

8.7CVSS0.0043EPSS

Cvelist•added 2026/04/02 8:40 p.m.•14 views

CVE-2024-14033 Hirschmann EagleSDV Denial of Service via TLS

8.7CVSS0.0043EPSS

ATTACKERKB•added 2026/04/02 8:40 p.m.•1 views

CVE-2024-14033

8.7CVSS5.8AI score0.0043EPSS

Exploits0References5

CVE•added 2026/04/02 8:40 p.m.•6 views

CVE-2024-14033

The CVE affects Hirschmann Industrial IT HiLCOS web interface and describes a heap overflow in the web UI that allows unauthenticated remote attackers to trigger a DoS by sending specially crafted requests. Impact is device crash and service disruption, particularly in configurations with Public ...

8.7CVSS6AI score0.0043EPSS

ATTACKERKB•added 2026/04/02 8:28 p.m.•2 views

CVE-2025-15620

9.2CVSS5.8AI score0.00511EPSS

Exploits0References3Affected Software1

CVE•added 2026/04/02 8:28 p.m.•10 views

CVE-2025-15620

The HiOS Switch Platform has a denial-of-service vulnerability in its web interface. A remote attacker can trigger an uncontrolled reboot by sending a crafted HTTP GET request to a specific endpoint, leading to service disruption and switch unavailability. The available documents confirm the web ...

9.2CVSS5.8AI score0.00511EPSS

Exploits0References2Affected Software1

EUVD•added 2026/04/02 6:29 p.m.•1 views

EUVD-2026-18502

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

5.3CVSS5.8AI score0.00211EPSS

NVD•added 2026/04/02 6:16 p.m.•1 views

CVE-2026-34725

DbGate is cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in t...

8.2CVSS0.00168EPSS

RedhatCVE•added 2026/04/02 4:56 p.m.•5 views

CVE-2026-20097

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. A...

6.5CVSS6.2AI score0.00549EPSS

6.5CVSS6.1AI score0.00719EPSS

CVE-2026-20096

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation...

4.8CVSS6.2AI score0.00237EPSS

CVE-2026-20089

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could...

RedhatCVE•added 2026/04/02 4:56 p.m.•2 views

CVE-2026-20095

6.5CVSS6.1AI score0.00929EPSS

7.3CVSS6AI score0.00264EPSS

CVE-2026-20151

A vulnerability in the web interface of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to the improper transmission of sensitive user information. An attacker could exploit this...

4.8CVSS6.2AI score0.00223EPSS

CVE-2026-20088