
37 matches found

RedhatCVE
added 5 days ago, 7 views

CVE-2026-11424

A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is treated as a URL by the server and used to issue an outbound HTTP GET request without URL validation ...

CVSS 8.3 | AI score 5.3 | EPSS 0.00043
Exploits: 0 | References: 1

EUVD
added 6 days ago, 9 views

EUVD-2026-34917

A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is treated as a URL by the server and used to issue an outbound HTTP GET request without URL validation ...

CVSS 8.3 | AI score 5.3 | EPSS 0.00043
Exploits: 0 | References: 2

CVE
added last week, 13 views

CVE-2026-11431

CVE-2026-11431 describes a path traversal in Altium’s Projects Service download endpoint used by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path that bypasses validation, enabling reading arbitrary files (including entire directories returned as archives) ...

CVSS 8.3 | AI score 5.5 | EPSS 0.00041
Exploits: 0 | References: 1

Vulnrichment
added last week, 4 views

CVE-2026-11431 Path Traversal in Altium Projects Service Allows Arbitrary File Read

A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files including entire directories returned as archives to be...

CVSS 8.3 | AI score 5.5 | EPSS 0.00041
Exploits: 0 | References: 1

Cvelist
added last week, 29 views

CVE-2026-11431 Path Traversal in Altium Projects Service Allows Arbitrary File Read

A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files including entire directories returned as archives to be...

CVSS 8.3 | EPSS 0.00041
Exploits: 0 | References: 1

CVE
added last week, 20 views

CVE-2026-11429

Summary: CVE-2026-11429 describes a path traversal in the Git Service shared by Altium Enterprise Server and Altium 365. An authenticated user with basic git access can perform post-clone file-manipulation using unvalidated paths to move attacker-controlled content outside the repository, enablin...

CVSS 10 | AI score 6.3 | EPSS 0.00724
Exploits: 0 | References: 1

ATTACKERKB
added last week, 6 views

CVE-2026-11429

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

CVSS 9.4 | AI score 6.4 | EPSS 0.00724
Exploits: 0 | References: 2

Cvelist
added last week, 28 views

CVE-2026-11429 Path Traversal in Altium Vault ScriptsController Allows Unauthenticated Remote Code Execution

Two endpoints in the Vault Service ScriptsController, shared by Altium Enterprise Server and Altium 365, accept file uploads where a user-supplied filename component is used to construct the destination path without validation, allowing arbitrary files to be written to any location writable by th...

CVSS 10 | EPSS 0.00724
Exploits: 0 | References: 1

Vulnrichment
added last week, 4 views

CVE-2026-11424 Server-Side Request Forgery in Altium Platform Design GraphQL Service Allows Information Disclosure

A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is treated as a URL by the server and used to issue an outbound HTTP GET request without URL validation ...

CVSS 8.3 | AI score 5.3 | EPSS 0.00043
Exploits: 0 | References: 1

ATTACKERKB
added last week, 6 views

CVE-2026-11424

A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is treated as a URL by the server and used to issue an outbound HTTP GET request without URL validation ...

CVSS 8.3 | AI score 5.3 | EPSS 0.00043
Exploits: 0 | References: 2

RedhatCVE
added last week, 5 views

CVE-2026-9152

A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's...

CVSS 10 | AI score 5.4 | EPSS 0.00079
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/05 12:0 a.m., 10 views

PT-2026-47056

Name of the Vulnerable Software and Affected Versions: Altium Enterprise Server versions prior to 8.1.1; Altium 365 affected versions not specified. Description: A server-side request forgery (SSRF) exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticate...

CVSS 8.3 | AI score 5.4 | EPSS 0.00043
Exploits: 0 | References: 4

Positive Technologies
added 2026/06/05 12:0 a.m., 9 views

PT-2026-47057

Name of the Vulnerable Software and Affected Versions: Altium Enterprise Server versions prior to 8.1.1; Altium 365 affected versions not specified. Description: A path traversal issue exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service processes...

CVSS 10 | AI score 6.4 | EPSS 0.00724
Exploits: 0 | References: 7

Positive Technologies
added 2026/06/05 12:0 a.m., 9 views

PT-2026-47058

A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files including entire directories returned as archives to be...

CVSS 8.3 | AI score 5.5 | EPSS 0.00041
Exploits: 0 | References: 2

NVD
added 2026/05/21 2:16 a.m., 11 views

CVE-2026-9152

A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's...

CVSS 10 | EPSS 0.00079
Exploits: 0 | References: 1

EUVD
added 2026/05/21 12:47 a.m., 14 views

EUVD-2026-31205

A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's...

CVSS 10 | AI score 5.8 | EPSS 0.00079
Exploits: 0 | References: 1

CVE
added 2026/05/21 12:47 a.m., 17 views

CVE-2026-9152

The CVE-2026-9152 entry concerns Altium 365 SearchService with an unauthenticated legacy SOAP endpoint that exposes search index operations. The root cause is lack of authentication/identity verification, enabling an unauthenticated attacker who knows a workspace identifier to access and manipula...

CVSS 10 | AI score 5.8 | EPSS 0.00079
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/21 12:47 a.m., 5 views

CVE-2026-9152

A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's...

CVSS 10 | AI score 5.8 | EPSS 0.00079
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/21 12:47 a.m., 6 views

CVE-2026-9152 Unauthenticated SOAP Endpoint in Altium 365 SearchService Allows Cross-Tenant Data Exfiltration and Index Destruction

A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's...

CVSS 10 | AI score 5.8 | EPSS 0.00079
Exploits: 0 | References: 1

CNNVD
added 2026/05/21 12:0 a.m., 4 views

Altium 365 Access Control Error Vulnerability

Altium 365 is a product design and development platform provided by the American company Altium. Altium 365 has a security vulnerability related to access control, which stems from the lack of authentication. This vulnerability could allow unauthenticated attackers to read, inject, modify, or...

CVSS 10 | AI score 5.8 | EPSS 0.00079
Exploits: 0 | References: 1