CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1104 matches found

CVE-2026-50636

The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

8.8CVSS5.8AI score0.00074EPSS

Exploits0References1

RedhatCVE•added last week•7 views

CVE-2026-41858

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

7.5CVSS5.4AI score0.00041EPSS

Exploits0References1

RedhatCVE•added last week•7 views

CVE-2026-5386

The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings...

9.1CVSS5.5AI score0.0006EPSS

Exploits0References1

RedhatCVE•added last week•5 views

CVE-2026-6741

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute method of the connect-customer-to-wp-user ability, which only requires...

8.8CVSS5.4AI score0.00064EPSS

Exploits1References1

NVD•added 2026/06/04 3:16 a.m.•6 views

CVE-2026-41858

7.5CVSS0.00041EPSS

Exploits0References1

Cvelist•added 2026/06/04 2:10 a.m.•34 views

CVE-2026-41858

7.5CVSS0.00041EPSS

Exploits0References1

ATTACKERKB•added 2026/06/04 2:10 a.m.•5 views

CVE-2026-41858

7.5CVSS5.8AI score0.00041EPSS

Exploits0References2

CVE•added 2026/06/04 2:10 a.m.•11 views

CVE-2026-41858

The CVE fixes a weakness in Get-RandomPassword within BOSH-Ecosystem’s windows-utilities-release. The password for the Administrator account is derived from a clock-seeded PRNG, allowing a network attacker who can estimate VM boot time to reconstruct a small candidate list and recover the Adminis...

7.5CVSS5.8AI score0.00041EPSS

Exploits0References1

EUVD•added 2026/06/04 2:10 a.m.•9 views

EUVD-2026-34195

7.5CVSS5.8AI score0.00041EPSS

Exploits0References1

Positive Technologies•added 2026/06/04 12:0 a.m.•10 views

PT-2026-46132

7.5CVSS5.8AI score0.00041EPSS

Exploits0References2

Cloud Foundry•added 2026/06/01 12:0 a.m.•4 views

CVE-2026-41858 - Brute forceable windows admin creds | Cloud Foundry

CVSS score: 6.5 Medium CVSS:3/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Vendor CloudFoundry Foundation Versions Affected Severity is HIGH unless otherwise noted. windows-utilities-release – All versions prior to v0.23.0 Description Weak Randomness / Insecure Cryptographic Primitive CWE-338 in...

7.5CVSS5.8AI score0.00041EPSS

Exploits0

ATTACKERKB•added 2026/05/28 6:22 p.m.•5 views

CVE-2026-45332

Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcrypt password hash of every administrator account with a single POST request. The...

7.5CVSS5.8AI score0.00058EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/05/28 6:22 p.m.•9 views

CVE-2026-45332 Automad Broken Access Control: unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint

7.5CVSS5.8AI score0.00058EPSS

Exploits1References1

CNNVD•added 2026/05/28 12:0 a.m.•7 views

Automad 访问控制错误漏洞

Automad is a flat-file content management system and template engine developed by Marc Anton Dahmen. Versions of Automad from 2.0.0-alpha.1 to 2.0.0-beta.27 contain access control vulnerabilities. These vulnerabilities stem from ineffective access control mechanisms, allowing unauthorized attacke...

7.5CVSS5.8AI score0.00058EPSS

Exploits1References2

RedhatCVE•added 2026/05/26 8:13 p.m.•8 views

CVE-2026-3294

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full...

8.8CVSS5.8AI score0.00049EPSS

Exploits0References1

NVD•added 2026/05/22 9:16 p.m.•11 views

CVE-2026-3294

8.8CVSS0.00049EPSS

Exploits0References11

ATTACKERKB•added 2026/05/22 8:48 p.m.•5 views

CVE-2026-3294

8.7CVSS5.8AI score0.00049EPSS

Exploits0References12

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в freeipa

A flaw was identified in the FreeIPA API audit; it sends the entire FreeIPA command line to journalctl. As a result, during the FreeIPA installation process, administrative user credentials—including the administrator’s password—are inadvertently leaked into the journal database. In the worst-cas...

5.5CVSS6AI score0.00022EPSS

Exploits0References2

RedhatCVE•added 2026/05/08 8:21 p.m.•7 views

CVE-2026-41930

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...

9.8CVSS5.8AI score0.00107EPSS

Exploits0References1

EUVD•added 2026/05/06 9:31 p.m.•4 views

EUVD-2026-27883

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling...

5.8AI score0.01615EPSS

Exploits3References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by