CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

133 matches found

Snyk•added 2026/03/26 9:37 p.m.•1 views

Incorrect Authorization

Overview @openclaw/nextcloud-talk is an OpenClaw Nextcloud Talk channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the auth process. An attacker can gain unauthorized access by sending requests with add-on principals that are not bound to the intended...

7.6CVSS5.9AI score0.00075EPSS

Exploits0References2

Positive Technologies•added 2026/03/25 12:0 a.m.•2 views

PT-2026-27988

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 7.11 through 18.8.6 GitLab CE/EE versions 18.9 through 18.9.2 GitLab CE/EE versions 18.10 through 18.10.0 Description An issue existed in GitLab CE/EE where an unauthenticated user could bypass WebAuthn two-factor...

8.1CVSS5.9AI score0.00097EPSS

Exploits0References6

Snyk•added 2026/03/23 6:14 p.m.•2 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the UEAuthentication process when a nil SuciSupiMap interface is converted. An attacker can cause the application to panic and terminate unexpectedly by sending specially crafted authentication requests...

8.7CVSS5.9AI score0.00145EPSS

Exploits0References3

Snyk•added 2026/03/16 3:30 p.m.•1 views

Incorrect Authorization

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization in the authentication process. An attacker can change another user's account password without confirmation by falsely...

3.5CVSS5.8AI score0.00067EPSS

Exploits0References2

Snyk•added 2026/03/05 9:30 p.m.•3 views

Timing Attack

Overview @perfood/couch-auth is an Easy and secure authentication for CouchDB/Cloudant. Based on SuperLogin, updated and rewritten in Typescript. Affected versions of this package are vulnerable to Timing Attack via a timing side-channel in the authentication process. An attacker can obtain...

7.5CVSS5.8AI score0.00016EPSS

Exploits0References2

Veracode•added 2025/12/13 7:40 a.m.•2 views

LDAP Injection

pgAdmin is vulnerable to LDAP Injection. The vulnerability is due to improper sanitization of special LDAP characters in the username during the LDAP authentication flow, which allows an attacker to inject crafted input and cause the DC/LDAP server and client to process excessive data...

7.5CVSS5.8AI score0.00059EPSS

Exploits0References3Affected Software1