CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

76 matches found

CVE-2026-49189

Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations...

8.5CVSS

Exploits0References1

CVE•added 5 hours ago•8 views

CVE-2026-49189

CVE-2026-49189 involves unchecked public access permissions on a core Broadcast Receiver, enabling unauthorized local software components to invoke administrative operations. The available documents identify the vulnerable component as a Broadcast Receiver and describe the root cause as permissio...

8.5CVSS5.8AI score

Exploits0References1

ATTACKERKB•added 5 hours ago•4 views

CVE-2026-49189

Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations...

8.5CVSS5.8AI score

Exploits0References2

Nuclei•added 6 hours ago•8 views

Loan Management System 1.0 - SQL Injection

Loan Management System 1.0 contains a SQL injection vulnerability via the username parameter. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2025-9744 info: name:...

9.8CVSS7.2AI score0.0094EPSS

Exploits3References3

CVE•added 6 days ago•10 views

CVE-2026-6075

The Media Library Assistant WordPress plugin is affected by a Cross-Site Request Forgery (CSRF) vulnerability up to version 3.35 due to missing nonce verification on bulk action handlers in the settings tab. This could allow an unauthenticated attacker to trick an administrator into performing bu...

8.1CVSS5.8AI score0.00043EPSS

Exploits0References11

Snyk•added 2026/05/08 10:59 p.m.•3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the nnef-oam route group due to missing inbound authentication and authorization checks. An attacker can gain unauthorized access to administrative operations by sending unauthenticated requests to the exposed...

10CVSS5.8AI score0.00045EPSS

Exploits1References3

Snyk•added 2026/05/08 10:59 p.m.•3 views

Missing Authorization

10CVSS5.8AI score0.00045EPSS

Exploits1References3

CVE•added 2026/04/22 11:57 p.m.•38 views

CVE-2026-41176

CVE-2026-41176 affects the rclone RC interface. The RC endpoint options/set is exposed without AuthRequired, allowing an unauthenticated attacker to mutate global runtime configuration (including rc.NoAuth) and bypass authorization for many RC methods. Versions affected: 1.45.0 up to 1.73.4; fixe...

9.8CVSS5.8AI score0.26321EPSS

In wildExploits1References3Affected Software1

CNNVD•added 2026/04/09 12:0 a.m.•2 views

WordPress plugin Ziggeo 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.4CVSS5.9AI score0.0007EPSS

Exploits0References13

RedhatCVE•added 2026/03/26 2:57 p.m.•1 views

CVE-2026-22172

OpenClaw versions prior to 2026.3.12 contain an authorization bypass vulnerability in the WebSocket connect path that allows shared-token or password-authenticated connections to self-declare elevated scopes without server-side binding. Attackers can exploit this logic flaw to present unauthorize...

9.9CVSS5.8AI score0.00021EPSS

Exploits0References1

Github Security Blog•added 2026/03/20 3:31 p.m.•5 views

Duplicate Advisory: OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rqpp-rjj8-7wv8. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.3.12 contain an authorization bypass vulnerability in the WebSocket connect path that...

9.9CVSS5.7AI score0.00021EPSS

Exploits0References4Affected Software1

EUVD•added 2026/03/20 3:31 p.m.•3 views

EUVD-2026-13704

9.9CVSS5.8AI score0.00021EPSS

Exploits0References3

CNNVD•added 2026/03/16 12:0 a.m.•2 views

RealtyScript 跨站请求伪造漏洞

RealtyScript is a real estate website management system developed by RealtyScript Inc. Version 4.0.2 of RealtyScript contains a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery and stored-xss attacks, potentially allowing attackers to execute...

6.9CVSS5.8AI score0.00039EPSS

Exploits2References3

OSV•added 2026/03/13 8:55 p.m.•2 views

GHSA-RQPP-RJJ8-7WV8 OpenClaw: WebSocket shared-auth connections could self-declare elevated scopes

Summary A logic flaw in the OpenClaw gateway WebSocket connect path allowed certain device-less shared-token or password-authenticated backend connections to keep client-declared scopes without server-side binding. A shared-authenticated client could present elevated scopes such as operator.admin...

9.9CVSS5.9AI score0.00021EPSS

Exploits0References5

OSV•added 2026/02/06 8:16 p.m.•4 views

PYSEC-2026-74

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.8CVSS5.8AI score0.00026EPSS

Exploits0References5

OSV•added 2026/02/06 8:16 p.m.•0 views

CVE-2026-1709

9.8CVSS5.7AI score0.00026EPSS

Exploits0References5