CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1199 matches found

CVE-2026-50876

A cross-site scripting XSS vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.4CVSS0.00162EPSS

Exploits0References1

Positive Technologies•added 5 days ago•8 views

PT-2026-49316

Name of the Vulnerable Software and Affected Versions Deck9 Input version 2.0.1 Description Incorrect access control in the "/form/webhooks/webhook" endpoint allows authenticated attackers to arbitrarily modify or delete webhooks belonging to other tenants by sending a crafted request...

8.1CVSS5.9AI score0.00282EPSS

Exploits0References4

NVD•added 2026/06/10 4:16 p.m.•5 views

CVE-2026-25700

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

7.2CVSS0.00393EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 2:59 p.m.•8 views

CVE-2026-34031

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The server did not sufficiently validate user-supplied image URLs, allowing arbitrary external content to be embedded as profile images, which could expose users to...

6.5CVSS5.5AI score0.00403EPSS

Exploits0References1

Cvelist•added 2026/06/10 2:57 p.m.•24 views

CVE-2026-25700 Apache Answer: AdminToken not invalidated after admin deactivation

0.00393EPSS

Exploits0References1

Vulnrichment•added 2026/06/10 2:57 p.m.•7 views

CVE-2026-25700 Apache Answer: AdminToken not invalidated after admin deactivation

5.4AI score0.00393EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 8:59 a.m.•9 views

CVE-2026-34905

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted...

6.5CVSS5.4AI score0.00325EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 8:59 a.m.•10 views

CVE-2026-34033

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content was included in notification emails without proper escaping, allowing authenticated users to inject arbitrary HTML int...

5.4CVSS5.5AI score0.00308EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 8:59 a.m.•9 views

CVE-2026-25699

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and i...

6.1CVSS5.4AI score0.00357EPSS

Exploits0References1

Snyk•added 2026/06/09 10:23 a.m.•3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...

7.1CVSS5.3AI score0.00325EPSS

Exploits0References2

Snyk•added 2026/06/09 10:23 a.m.•4 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload through the image decoding process. An attacker can cause the server process to crash by uploading a specially crafted TIFF file that triggers excessive memory allocation. Remediation Upgrade...

7.1CVSS5.4AI score0.00421EPSS

Exploits0References2

NVD•added 2026/06/09 9:16 a.m.•10 views

CVE-2026-34905

6.5CVSS0.00325EPSS

Exploits0References2

NVD•added 2026/06/09 9:16 a.m.•10 views

CVE-2026-34033

5.4CVSS0.00308EPSS

Exploits0References2

NVD•added 2026/06/09 9:16 a.m.•9 views

CVE-2026-25688

Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. AI-generated response content was rendered in the browser without proper sanitization, allowing malicious scripts to be executed when the content was viewed. Users are...

6.1CVSS0.00357EPSS

Exploits0References2

NVD•added 2026/06/09 9:16 a.m.•11 views

CVE-2026-25699

6.1CVSS0.00357EPSS

Exploits0References2

Cvelist•added 2026/06/09 7:35 a.m.•33 views

CVE-2026-34905 Apache Answer: Unlisted Questions Accessible via Direct API Access

0.00325EPSS

Exploits0References1

EUVD•added 2026/06/09 7:35 a.m.•7 views

EUVD-2026-35372

6.5CVSS5.4AI score0.00325EPSS

Exploits0References1

EUVD•added 2026/06/09 7:34 a.m.•6 views

EUVD-2026-35370

6.5CVSS5.5AI score0.00403EPSS

Exploits0References1

Cvelist•added 2026/06/09 7:34 a.m.•33 views

CVE-2026-33582 Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are...

0.00421EPSS

Exploits0References1

CVE•added 2026/06/09 7:34 a.m.•22 views

CVE-2026-33582

The CVE-2026-33582 issue affects Apache Answer up to version 2.0.0, where a crafted TIFF image can trigger excessive memory allocation during decoding, allowing an authenticated user to crash the server process. Upgrade to version 2.0.1 to fix the issue. The reported CVSS vector indicates MEDIUM ...

6.5CVSS5.4AI score0.00421EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by