CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/04/28 10:39 p.m.•1 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass through improper validation of the nick parameter in the user update process. An attacker can modify immutable account identifiers by intercepting and altering POST requests, potentially sabotaging audit trails,...

5.3CVSS5.8AI score0.00018EPSS

Snyk•added 2026/04/16 10:48 p.m.•4 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the decidedByUserId field in approval-related endpoints. An attacker can forge decision attribution by supplying an arbitrary user identifier in the request body, causing the system to...

5.3CVSS5.9AI score

Snyk•added 2026/04/16 10:48 p.m.•6 views

Insufficient Verification of Data Authenticity

5.3CVSS5.9AI score

RedhatCVE•added 2026/04/13 5:23 p.m.•2 views

CVE-2026-40023

A flaw was found in Apache Log4cxx. An attacker who can influence logged data can exploit this by injecting characters forbidden by the XML 1.0 specification a standard for encoding documents into log messages, Network Device Configuration NDC, and Mapped Diagnostic Context MDC property keys and...

6.3CVSS5.7AI score0.00292EPSS

Exploits0References8

RedhatCVE•added 2026/04/13 5:23 p.m.•1 views

CVE-2026-40021

A flaw was found in Apache Log4net. An attacker who can influence specific data fields within log messages can exploit this vulnerability. By injecting characters forbidden by the XML 1.0 specification, the attacker can cause an exception during log serialization, leading to the silent loss of lo...

6.3CVSS5.7AI score0.00285EPSS

Debian CVE•added 2026/04/10 3:45 p.m.•1 views

CVE-2026-40023

Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx11xml11XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets in log messages, NDC, and MDC property keys and values, producin...

6.3CVSS5.3AI score0.00292EPSS

RedhatCVE•added 2026/03/26 3:0 p.m.•3 views

CVE-2026-33143

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any...

NVD•added 2026/03/20 9:17 p.m.•1 views

Exploits1References1

CVE-2026-33143

8.7CVSS0.00015EPSS

Exploits1References1

ATTACKERKB•added 2026/03/20 8:5 p.m.•1 views

CVE-2026-33143

Exploits1References2Affected Software1

Vulnrichment•added 2026/03/20 8:5 p.m.•7 views

CVE-2026-33143 OneUptime: WhatsApp Webhook Missing Signature Verification

OSV•added 2026/03/20 8:5 p.m.•2 views

Exploits1References1

CVE-2026-33143 OneUptime: WhatsApp Webhook Missing Signature Verification

OSV•added 2026/03/18 5:25 p.m.•1 views

Exploits1References3

GHSA-G5PH-F57V-MWJC OneUptime WhatsApp Webhook Missing Signature Verification

Summary The WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any unauthenticated attacker to send forged webhook payloads that manipulate notification delivery stat...

8.7CVSS6.1AI score0.00015EPSS

Exploits1References3

Positive Technologies•added 2026/03/18 12:0 a.m.•3 views

PT-2026-26199

8.7CVSS6.1AI score0.00015EPSS

Exploits1References7

The Hacker News•added 2024/03/08 9:49 a.m.•32 views

Secrets Sensei: Conquering Secrets Management Challenges

In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon which your security infrastructure rests. We're all familiar with the routine: safeguarding those API keys, connection strings, and certificates is non-negotiable. Howeve...

7.1AI score

Rockylinux•added 2023/01/23 2:30 p.m.•12 views

tracker bug fix update

An update is available for tracker. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Tracker is a powerful desktop-neutral first class object database, tag and...

0.8AI score

Ivan 'd0znpp' Novikov•added 2021/08/25 1:6 p.m.•32 views

Insufficient Logging Monitoring☝️ — What you need to know

Insufficient Logging Monitoring☝️ — What you need to know Introduction API10:2019 Insufficient Logging & Monitoring What is Insufficient Logging & Monitoring? The title already says a lot but this vulnerability is a bit more complex than it was at first sight, of course the API is vulnerable if it...

7.5AI score

Imperva Blog•added 2021/07/07 6:12 p.m.•87 views

Oracle Auditing Part 3: Unified Auditing

This is the third, and last, article on the topic of Oracle auditing. It is relevant to Oracle 12c only. With Unified Auditing, Oracle simplified the task of auditing activities in a modern database environment, and rather than having to learn multiple methods, patterns, and techniques for both...

6.9AI score

Fedora•added 2021/03/20 12:21 a.m.•71 views

[SECURITY] Fedora 34 Update: tracker3-3.1.0~rc-1.fc34

Tracker is a powerful desktop-neutral first class object database, tag/metadata database and search tool. It consists of a common object database that allows entities to have an almost infinite number of properties, metadata both embedded/harvested as well as user definable, a comprehensive...

5.5CVSS3.9AI score0.0008EPSS

Exploits1

Microsoft Secure•added 2020/04/06 4:0 p.m.•32 views

Turning collaboration and customer engagement up with a strong identity approach

In these challenging times, it’s even more apparent that modern companies are managing a blended workforce that encompasses not only their full-time staff and customers but also their contractors, consultants, subsidiaries, suppliers, partners, and soon-to-be customers. Balancing friction-less...

0.6AI score