CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

18 matches found

Cvelist•added 2026/04/27 1:45 p.m.•28 views

CVE-2026-32688 Atom table exhaustion via HTTP/2 :scheme pseudo-header in plug_cowboy

Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plugcowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in lib/plug/cowboy/conn.ex calls String.toatom/1 on the value returned by :cowboyreq.scheme/1. For HTTP/2...

8.7CVSS0.00545EPSS

Exploits0References4

Circl•added 2025/10/17 9:25 p.m.•7 views

CVE-2024-32688

creationtimestamp| type| source ---|---|--- 2025-10-17 21:25:06+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3m3g7iyjfyk2c...

6.5CVSS5.8AI score0.00462EPSS

Exploits0References1

EUVD•added 2025/10/07 2:39 a.m.•3 views

EUVD-2025-32688

Malicious code in solarpeng123 npm...

6.6AI score

Exploits0References1

RedhatCVE•added 2025/05/23 10:18 a.m.•15 views

CVE-2024-32688

Missing Authorization vulnerability in Long Watch Studio MyRewards.This issue affects MyRewards: from n/a through 5.3.0...

6.5CVSS5.1AI score0.00462EPSS

Exploits0References1

Patchstack•added 2025/04/17 8:1 a.m.•8 views

WordPress Target Video Easy Publish plugin <= 3.8.9 - Arbitrary Code Execution vulnerability

Arbitrary Code Execution vulnerability discovered by Phan Trong Quan - VNPT Cyber Immunity in WordPress Plugin Target Video Easy Publish versions = 3.8.9...

5.4CVSS8.6AI score0.00199EPSS

Exploits0Affected Software1

NVD•added 2024/04/22 11:15 a.m.•11 views

CVE-2024-32688

Missing Authorization vulnerability in Long Watch Studio MyRewards.This issue affects MyRewards: from n/a through 5.3.0...

6.5CVSS6.5AI score0.00462EPSS

Exploits0References1

Vulnrichment•added 2024/04/22 10:34 a.m.•15 views

CVE-2024-32688 WordPress MyRewards plugin <= 5.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Long Watch Studio MyRewards.This issue affects MyRewards: from n/a through 5.3.0...

6.5CVSS6.9AI score0.00462EPSS

Exploits0References1

CVE•added 2024/04/22 10:34 a.m.•94 views

CVE-2024-32688

CVE-2024-32688 is a Missing Authorization vulnerability in the MyRewards plugin for WooCommerce (MyRewards). Affected range: up to version 5.3.0. The issue is documented by Red Hat and Wordfence, with Patch/Patched status indicating a fix has been released. CVSS 3.1 score is 6.5 (Network, Low com...

6.5CVSS5.1AI score0.00462EPSS

Exploits0References1

Patchstack•added 2024/04/17 12:0 a.m.•12 views

WordPress MyRewards Plugin <= 5.3.0 is vulnerable to Broken Access Control

Software MyRewards Type Plugin Vulnerable versions = 5.3.0 Fixed in 5.3.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32688 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 4a61d830f2db Credits Emili Castells Required...

6.5CVSS6.5AI score0.00462EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2023/05/29 6:15 p.m.•1 views

CVE-2022-32688

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none...

5.8AI score

Exploits0References1

Circl•added 2023/05/27 7:29 a.m.•3 views

CVE-2023-32688

creationtimestamp| type| source ---|---|--- 2023-05-27 07:29:04+00:00| seen| https://t.me/cibsecurity/64737 2025-01-14 19:11:17+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/1588...

7.5CVSS7.1AI score0.009EPSS

Exploits0References2

NVD•added 2023/05/27 4:15 a.m.•10 views

CVE-2023-32688

parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3...

7.5CVSS5.8AI score0.009EPSS

Exploits0References3

CVE•added 2023/05/27 3:21 a.m.•56 views

CVE-2023-32688

CVE-2023-32688 concerns parse-server-push-adapter, the Push Notification adapter for Parse Server. The issue arises from an invalid push notification payload that can crash Parse Server. A fix was released in version 4.1.3, mitigating the crash by correcting payload handling. Connected sources co...

7.5CVSS6.1AI score0.009EPSS

Exploits0References3Affected Software1

Cvelist•added 2023/05/27 3:21 a.m.•17 views

CVE-2023-32688 Invalid push request payload crashes Parse Server

4.9CVSS7.7AI score0.009EPSS

Exploits0References3

vulnersOsv•added 2023/05/22 7:50 p.m.•2 views

@evocodes/parse-server (>=2.2.11 <=2.2.27), @m1r4ge/parse-server (>=2.2.7 <=2.2.11) +36 more potentially affected by CVE-2023-32688 via parse-server-push-adapter (>=1.0.4 <=1.3.0)

parse-server-push-adapter NPM version =1.0.4, =2.2.11, =2.2.7, =2.2.7, =0.1.7, =0.0.1, =1.0.0, =2.2.3, =2.3.8, =2.2.18-mod, =2.2.25, =2.2.17, =2.3.3 and more Source cves: CVE-2023-32688 Source advisory: OSV:GHSA-MXHG-RVWX-X993...

7.5CVSS7.1AI score0.009EPSS

Exploits0

OSV•added 2021/07/12 2:15 p.m.•20 views

CVE-2021-32688

Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authentication purposes. These tokens are supposed to be granted to a specific applications e.g. DAV sync clients, and can also be configured by the user to not have any...

8.8CVSS6.7AI score

Exploits0References6

CVE•added 2021/07/12 1:45 p.m.•154 views

CVE-2021-32688

Nextcloud Server tokens with application-scoped permissions could escalate their own privileges due to a missing permission check. In versions prior to 19.0.13, 20.0.11, and 21.0.3, these tokens could self-elevate and gain filesystem access. The issue is addressed in the patched releases 19.0.13,...

8.8CVSS8.6AI score0.02309EPSS

Exploits0References6Affected Software1

CVE•added 1976/01/01 12:0 a.m.•25 views

CVE-2022-32688

CVE-2022-32688 is rejected/not used and does not represent an active vulnerability entry.

7.3AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by