
499 matches found

CVE
added 2026/05/26 5:10 p.m. | 7 views

CVE-2026-44707

CVE-2026-44707 (Chatwoot) : From 2.14.0 up to before 4.13.0, an authentication flow vulnerability allows a pre-registered, unowned email to set a password, enabling a Pre-Account Takeover. If the legitimate user later signs in via Google OAuth or another OmniAuth provider, the OAuth flow can sile...

6.8 CVSS | 5.8 AI score | 0.00043 EPSS
Exploits 0 | References 3
Wired Threat Level
added 2026/04/30 5:30 p.m. | 2 views

OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts

OpenAI is rolling out Advanced Account Security for people concerned that their ChatGPT or Codex accounts could be potential targets of phishing attacks...

5.3 AI score
Exploits 0
Positive Technologies
added 2026/04/28 12:0 a.m. | 2 views

PT-2026-35749

A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another user from logging in by triggering an account lockout with a specially crafted request...

7.1 CVSS | 5.3 AI score | 0.00057 EPSS
Exploits 0 | References 1
NVD
added 2026/04/08 7:25 p.m. | 1 view

CVE-2026-35407

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow: the confirmation flow did not verify that the email change confirmation token was issued for the given...

6.5 CVSS | 0.00013 EPSS
Exploits 0 | References 6
RedhatCVE
added 2026/04/03 11:1 p.m. | 4 views

CVE-2026-34828

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically password reset and...

7.1 CVSS | 5.8 AI score | 0.00014 EPSS
Exploits 2 | References 1
RedhatCVE
added 2026/01/27 9:23 p.m. | 3 views

CVE-2025-9521

Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...

6.5 CVSS | 5.9 AI score | 0.00046 EPSS
Exploits 0 | References 1
NVD
added 2026/01/26 8:16 p.m. | 2 views

CVE-2025-9521

Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...

6.5 CVSS | 0.00046 EPSS
Exploits 0 | References 2
OSV
added 2026/01/26 8:16 p.m. | 2 views

CVE-2025-9521

Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...

6.5 CVSS | 5.8 AI score | 0.00046 EPSS
Exploits 0 | References 2
EUVD
added 2026/01/26 7:35 p.m. | 2 views

EUVD-2025-206348

Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...

2.1 CVSS | 5.9 AI score | 0.00046 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/01/26 12:0 a.m. | 3 views

PT-2026-4809

Name of the Vulnerable Software and Affected Versions: Omada Controllers (affected versions not specified). Description: A security issue exists in Omada Controllers that allows an attacker possessing a valid session token to bypass secondary verification. This bypass enables the attacker to alter a...

6.5 CVSS | 5.8 AI score | 0.00046 EPSS
Exploits 0 | References 6
RedhatCVE
added 2026/01/09 11:28 a.m. | 4 views

CVE-2021-27167

An issue was discovered on FiberHome HG6245D devices through RP2613. There is a password of four hexadecimal characters for the admin account. These characters are generated in init3bbpassword in libciadaptationlayer.so...

9.8 CVSS | 7.2 AI score | 0.00639 EPSS
Exploits 1 | References 1
RedhatCVE
added 2026/01/09 9:20 a.m. | 5 views

CVE-2021-28499

In Arista's MOS Metamako Operating System software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in...

6.3 CVSS | 6.8 AI score | 0.00042 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/01/07 9:54 a.m. | 14 views

CVE-2025-1474

In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user accou...

5.5 CVSS | 7 AI score | 0.00104 EPSS
Exploits 1 | References 1
RedhatCVE
added 2026/01/07 9:43 a.m. | 6 views

CVE-1999-0502

A Unix account has a default, null, blank, or missing password...

7.5 CVSS | 7 AI score | 0.37089 EPSS
Exploits 41 | References 1
RedhatCVE
added 2026/01/07 9:29 a.m. | 3 views

CVE-2019-12363

A CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa=deactivate or usercp.php?action=mybb2fa=activate. A deactivate operation lowers the security ...

8.8 CVSS | 7 AI score | 0.00083 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/12/09 12:29 p.m. | 4 views

CVE-2025-42615

In affected versions, vulnerability-lookup did not track or limit failed One-Time Password (OTP) attempts during Two-Factor Authentication (2FA) verification. An attacker who already knew or guessed a valid username and password could submit an arbitrary number of OTP codes without causing the accoun...

8.1 CVSS | 7 AI score | 0.00066 EPSS
Exploits 0 | References 1
CNNVD
added 2025/10/30 12:0 a.m. | 2 views

LibreChat Security Vulnerability

LibreChat is an enhanced ChatGPT clone by Danny Avila Personal Developer. A security vulnerability exists in LibreChat version 0.7.9, which stems from a failure to properly validate the OTP or backup code during the 2FA disablement process, which could result in reduced account security...

8.8 CVSS | 4.5 AI score | 0.00079 EPSS
Exploits 1 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2018-2035

Malware in sbrugna...

5.4 CVSS | 5.5 AI score | 0.00319 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2007-2270

Malware in sbrugna...

4.6 CVSS | 6.4 AI score | 0.00104 EPSS
Exploits 0 | References 8
EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2020-25821

Malware in sbrugna...

7.5 CVSS | 7.7 AI score | 0.00309 EPSS
Exploits 0 | References 3