NextGen Mirth Connect - Remote Code Execution
Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability. id: CVE-2023-37679 info: name: NextGen Mirth Connect - Remote Code Execution...
Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4Shell CVE-2021-44228 - SOC Report Analysis Overview...
CVE-2026-26017
A flaw was found in CoreDNS, a DNS server that uses a chain of plugins. This logical vulnerability allows an attacker to bypass DNS access controls. The issue occurs because security plugins, such as 'acl', are evaluated before the 'rewrite' plugin, creating a Time-of-Check Time-of-Use (TOCTOU) fla...
CVE-2026-26999
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. A remote unauthenticated client can exploit this vulnerability by sending an incomplete Transport Layer Security (TLS) record, which causes the TLS handshake to stall indefinitely. This can lead to resource exhaustion, such as fi...
CVE-2026-2297
A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files (.pyc), does not properly trigger system audit events. Th...
CVE-2026-27121
svelte is a performance oriented web framework. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious...
CVE-2025-41117
A cross site scripting flaw has been discovered in Grafana's Explore Traces view. This view can be rendered as raw HTML and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API...
CVE-2025-69872
A deserialization flaw was found in python-diskcache. This component uses Python pickle for serialization by default. An attacker with write access to the cache directory can exploit this vulnerability to achieve arbitrary code execution when a victim application reads from the cache. The impact ...
CVE-2026-24683
A heap buffer use after free has been discovered in FreeRDP. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Mitigation Mitigation for this iss...
CVE-2026-1190
A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML...
Malicious code in link-await-hydra-bellatrix (npm)
Source: amazon-inspector 3e220cc1a4907d0adb9c57a3c648f2f94a2bd56c3c791b05377f7ea379437add This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-110909 Malicious code in widespread_bobolink-tool (npm)
Source: amazon-inspector 12676b5ca8f737dff742d5a8a67bd6679d4d38f7fbc1b8e69e7fa3267c225d95 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in widespread_unicorn_z3n (npm)
Source: amazon-inspector 494a49c0d1eb84127bc15ce035adcca87655f49e761226cac6cbce7c526b7902 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-77930
Malicious code in widespreadsilverfishz3n npm...
EUVD-2025-77928
Malicious code in widespreadwhalez3n npm...
EUVD-2025-72918
Malicious code in widespreadwormz3n npm...
EUVD-2025-72920
Malicious code in widespreadantlionz3n npm...
EUVD-2025-51070
Malicious code in widespread-fuchsia-chipmunk npm...
EUVD-2025-51067
Malicious code in widespread-silver-elephant npm...