CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

117 matches found

NextCloud Forms security vulnerabilities

NextCloud Forms is an open-source, hosted questionnaire and form creation tool developed by NextCloud. Versions of NextCloud Forms prior to 5.2.6 contained a security vulnerability due to a lack of permission checks. This vulnerability could allow users to request access to other users’ form...

6.5CVSS5.8AI score0.00022EPSS

Exploits0References3

Snyk•added 4 days ago•2 views

Malicious Package

Overview @cloudplatform-single-spa/mlspace-access-request is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.9AI score

Exploits0References2

RedhatCVE•added 2026/01/09 9:11 a.m.•6 views

CVE-2022-35646

IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IBM X-Force ID: 231096...

5.9CVSS6.2AI score0.00108EPSS

Exploits0References1

Github Security Blog•added 2026/01/02 3:28 p.m.•5 views

Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling

SignalK Server exposes two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated polling of access request status. Unauthenticated WebSocket Request Enumeration: When ...

9.1CVSS6.9AI score0.00056EPSS

Exploits1References5Affected Software1

EUVD•added 2026/01/02 3:28 p.m.•2 views

EUVD-2025-206136

Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling...

9.1CVSS6.4AI score0.00056EPSS

Exploits1References4

Github Security Blog•added 2026/01/02 3:20 p.m.•6 views

Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding

Summary A Denial of Service DoS vulnerability allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint /signalk/v1/access/requests. This causes a "JavaScript heap out of memory" error due to unbounded in-memory storage of request objects. Details The...

7.5CVSS7.1AI score0.00085EPSS

Exploits1References5Affected Software1

NVD•added 2026/01/01 7:15 p.m.•1 views

CVE-2025-68620

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 expose two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated...

9.1CVSS0.00056EPSS

Exploits1References2

Vulnrichment•added 2026/01/01 6:37 p.m.•2 views

CVE-2025-69203 Signal K Server Vulnerable to Access Request Spoofing

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the access request system have two related features that when combined by themselves and with an information disclosure vulnerability enable convincing social engineering attacks against...

6.3CVSS5.8AI score0.00021EPSS

Exploits1References2

OSV•added 2026/01/01 6:37 p.m.•2 views

CVE-2025-69203 Signal K Server Vulnerable to Access Request Spoofing

6.3CVSS6.1AI score0.00021EPSS

Exploits1References4

OSV•added 2026/01/01 6:29 p.m.•1 views

CVE-2025-68620 Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling

9.1CVSS7.1AI score0.00056EPSS

Exploits1References4

Cvelist•added 2026/01/01 6:29 p.m.•20 views

CVE-2025-68620 Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling

9.1CVSS0.00056EPSS

Exploits1References2

Vulnrichment•added 2026/01/01 6:8 p.m.•1 views

CVE-2025-68272 Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding

Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service DoS vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint /signalk/v1/access/requests. This causes a...

7.5CVSS6.5AI score0.00085EPSS

Exploits1References2

Positive Technologies•added 2026/01/01 12:0 a.m.•2 views

PT-2026-1024

Name of the Vulnerable Software and Affected Versions Signal K Server versions prior to 2.19.0 Description Signal K Server is a server application used on boats. Versions prior to 2.19.0 contain issues that allow attackers to steal JWT authentication tokens without prior authentication. This is...

9.1CVSS6.9AI score0.00056EPSS

Exploits1References10

Tenable Nessus•added 2025/11/25 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2025-6601

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.3, and 18.5 before 18.5.1 that under certain conditions could have...

6.5CVSS6AI score0.00019EPSS

Exploits0References2

RedhatCVE•added 2025/10/28 12:27 a.m.•4 views

CVE-2025-6601

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.3, and 18.5 before 18.5.1 that under certain conditions could have allowed authenticated users to gain unauthorized project access by exploiting the access request approval workflow...

6.5CVSS6.7AI score0.00019EPSS

Exploits0References1

EUVD•added 2025/10/27 12:30 a.m.•2 views

EUVD-2025-35954

2.7CVSS6.4AI score0.00019EPSS

Exploits0References5

NVD•added 2025/10/27 12:15 a.m.•1 views

CVE-2025-6601

6.5CVSS0.00019EPSS

Exploits0References3

OSV•added 2025/10/27 12:15 a.m.•0 views

UBUNTU-CVE-2025-6601