13 matches found
PT-2026-48501
Name of the Vulnerable Software and Affected Versions: picklescan versions prior to 1.0.4; UniFi OS Server (affected versions not specified)
Description: picklescan fails to block pkgutil.resolve_name, which allows attackers to bypass the blocklist by resolving dangerous functions through indirect...
VulnCheck KEV: CVE-2026-34908
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system...
CVE-2026-34908
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system...
CVE-2026-34908
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system...
CVE-2026-34908
CVE-2026-34908 affects UniFi OS Server. The issue is an improper access control vulnerability that can allow an unauthenticated bypass of the auth flow via a discrepancy between raw and normalized URIs in nginx, potentially leading to unauthorized changes and remote code execution. A fix is available: upgrade ...
MAL-2025-34908 Malicious code in test-mlw2-autos-edger (npm)
The package test-mlw2-autos-edger was found to contain malicious code...
CVE-2022-34908
An issue was discovered in the A4N Aremis 4 Nomad application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization ...
CVE-2022-34908
creationtimestamp | type | source
---|---|---
2023-02-27 16:27:48+00:00 | seen | https://t.me/cibsecurity/58938
2025-03-10 20:38:53+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/7050
2025-03-11 04:41:13+00:00 | seen | Telegram/k35qgeSbpJwUh4kRbnMRkyTko0pm-pVzkYlHjRFae-DuDNVg...
CVE-2022-34908
CVE-2022-34908 affects the A4N (Aremis 4 Nomad) Android app (version 1.5.0). The issue is in the authentication flow: while an auth mechanism exists, some endpoints do not require a token or cookie, allowing an attacker to send a simple HTTP request to the appropriate endpoint and obtain authorizatio...
CVE-2021-34908
creationtimestamp | type | source
---|---|---
2022-01-14 00:24:10+00:00 | seen | https://t.me/cibsecurity/35470...
CVE-2021-34908
Bentley View 10.15.0.75 is affected by CVE-2021-34908. The issue arises in the parsing of J2K files, where the application does not validate the existence of an object before performing operations on it, leading to remote code execution. Exploitation requires user interaction (e.g., visiting a malicious pa...
CVE-2025-34908
...
CVE-2025-34908
The CVE-2025-34908 entry is rejected/not used and does not represent an active vulnerability.