CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

393 matches found

CVE-2026-5171

Improper access control in the entry activity log feature in Devolutions Server allows an authenticated user with access to an entry but without the required permission to retrieve that entry's activity logs via a crafted API request. This issue affects : Devolutions Server 2026.1.6.0 through...

4.3CVSS5.5AI score0.0003EPSS

Exploits0References1

RedhatCVE•added yesterday•2 views

CVE-2026-9224

Missing authorization in the user profile update feature in Devolutions Server allows an authenticated Active Directory user to modify their own profile attributes via a crafted API request. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions Server 2025.3.20.0 and...

4.3CVSS5.4AI score0.00031EPSS

Exploits0References1

RedhatCVE•added yesterday•2 views

CVE-2026-8477

Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request. This issue...

2.7CVSS5.5AI score0.00037EPSS

Exploits0References1

NVD•added 2026/05/22 4:16 p.m.•5 views

CVE-2026-5171

4.3CVSS0.0003EPSS

Exploits0References1

ATTACKERKB•added 2026/05/22 3:28 p.m.•3 views

CVE-2026-5171

4.3CVSS5.8AI score0.0003EPSS

Exploits0References2Affected Software1

CVE•added 2026/05/22 3:27 p.m.•14 views

CVE-2026-8477

CVE-2026-8477 describes an issue in Devolutions Server where the sealed-entry workflow for entry sensitive-data retrieval can be bypassed: an authenticated user with access to a sealed entry could fetch its sensitive data without triggering the unseal audit via a crafted API request. Affected ver...

2.7CVSS5.8AI score0.00037EPSS

Exploits0References1Affected Software1

CVE•added 2026/05/22 3:25 p.m.•18 views

CVE-2026-9224

CVE-2026-9224 : The issue in Devolutions Server allows an authenticated Active Directory user to modify their own profile attributes via a crafted API request due to missing authorization in the user profile update feature. Affected: Devolutions Server 2026.1.6.0–2026.1.16.0 and 2025.3.20.0 and e...

4.3CVSS5.8AI score0.00031EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/05/22 12:0 a.m.•8 views

PT-2026-42785

5.8AI score0.0003EPSS

Exploits0References1

Vulnrichment•added 2026/05/06 4:16 p.m.•4 views

CVE-2026-20034 Cisco Unity Connection Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability ...

8.8CVSS6.3AI score0.00445EPSS

Exploits0References1

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в docker.io-app

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The likelihood of this being exploited...

9.9CVSS6.9AI score0.03345EPSS

Exploits0References2

RedhatCVE•added 2026/04/30 8:48 p.m.•2 views

CVE-2026-6706

Improper access control in the vault documentation feature in Devolutions Server allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request. This issue affects Server: from 2026.1.6.0 through 2026.1.14.0, through 2025.3.18.0...

6.5CVSS5.2AI score0.00038EPSS

Exploits0References1

NVD•added 2026/04/28 2:16 p.m.•0 views

CVE-2026-6706

6.5CVSS0.00038EPSS

Exploits0References1

ATTACKERKB•added 2026/04/28 1:11 p.m.•1 views

CVE-2026-6706

6.5CVSS5.2AI score0.00038EPSS

Exploits0References2Affected Software1

EUVD•added 2026/04/28 1:11 p.m.•0 views

EUVD-2026-26049

Improper access control in the vault documentation feature in Devolutions Server 2026.1.14.0 and earlier allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request...

6.5CVSS5.2AI score0.00038EPSS

Exploits0References1

RedhatCVE•added 2026/04/27 7:23 p.m.•3 views

CVE-2026-6979

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

6.5CVSS6.1AI score0.00014EPSS

Exploits0References1

NVD•added 2026/04/25 12:15 p.m.•1 views

CVE-2026-6979

6.5CVSS0.00014EPSS

Exploits0References4

Vulnrichment•added 2026/04/25 12:0 p.m.•0 views

CVE-2026-6979 devlikeapro WAHA API Request media.controller.ts server-side request forgery

6.5CVSS5.1AI score0.00014EPSS

Exploits0References4

Cvelist•added 2026/04/25 12:0 p.m.•27 views

CVE-2026-6979 devlikeapro WAHA API Request media.controller.ts server-side request forgery

6.5CVSS0.00014EPSS

Exploits0References4

Positive Technologies•added 2026/04/25 12:0 a.m.•2 views

PT-2026-35149

6.5CVSS6.2AI score0.00014EPSS

Exploits0References5

CNNVD•added 2026/04/25 12:0 a.m.•5 views

WAHA 代码问题漏洞

WAHA is an open-source WhatsApp HTTP API service tool developed by devlikeapro. Versions of WAHA prior to 2026.3.4 contained code vulnerabilities. These vulnerabilities stemmed from unknown features in the component’s API Request Handler, specifically in the file src/api/media.controller.ts, whic...

6.5CVSS6.7AI score0.00014EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by