CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

161354 matches found

ATTACKERKB•added 2026/06/01 9:17 a.m.•9 views

CVE-2026-25599

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS5.9AI score0.00114EPSS

Exploits0References2

Vulnrichment•added 2026/06/01 9:17 a.m.•8 views

CVE-2026-25599 Missing authentication and clear‑text data transmission affecting Orca heat pumps

6.3CVSS5.9AI score0.00114EPSS

Exploits0References1

CVE•added 2026/06/01 9:17 a.m.•21 views

CVE-2026-25599

CVE-2026-25599 involves Orca heat pump devices communicating with the Orca server over unencrypted HTTP, with missing authentication and input validation on aggregated data. This combination enables stored XSS in the heat pump web control interface and potential cookie theft, as well as attacker ...

6.3CVSS5.9AI score0.00114EPSS

Exploits0References1

EUVD•added 2026/06/01 9:17 a.m.•12 views

EUVD-2026-33617

6.3CVSS5.9AI score0.00114EPSS

Exploits0References1

NVD•added 2026/06/01 9:16 a.m.•17 views

CVE-2026-48726

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoketoken call, so the JWT remained accepted by the API server...

6.5CVSS0.00368EPSS

Exploits0References3

OSV•added 2026/06/01 9:16 a.m.•9 views

PYSEC-2026-187

6.5CVSS5.9AI score0.00667EPSS

Exploits0References3

PyPA•added 2026/06/01 9:16 a.m.•8 views

PYSEC-2026-187

9.1CVSS5.9AI score0.00667EPSS

Exploits0References3Affected Software1

NVD•added 2026/06/01 9:16 a.m.•12 views

CVE-2026-44825

Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...

9.8CVSS0.00529EPSS

Exploits0References2

NVD•added 2026/06/01 9:16 a.m.•16 views

CVE-2026-32325

Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege...

8.5CVSS0.00097EPSS

Exploits0References2

NVD•added 2026/06/01 9:16 a.m.•13 views

CVE-2026-10243

A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component Admin Endpoint. Such manipulation leads to missing authentication. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may b...

7.5CVSS0.00629EPSS

Exploits0References6

Vulnrichment•added 2026/06/01 9:3 a.m.•10 views

CVE-2026-40544 Stored XSS in SOPlanning

SOPlanning is vulnerable to Stored Cross-Site Scripting XSS via /process/uploadbackup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a malicious user.csv file with embedded JavaScript. The injected code is executed in the...

5.1CVSS5.9AI score0.00295EPSS

Exploits0References2

EUVD•added 2026/06/01 9:0 a.m.•11 views

EUVD-2026-33608

7.5CVSS6.7AI score0.00629EPSS

Exploits0References6

CVE•added 2026/06/01 9:0 a.m.•17 views

CVE-2026-10243

CVE-2026-10243 affects code-projects Smart Parking System 1.0, specifically an Admin Endpoint function with missing authentication leading to remote abuse. Public exploit disclosed; multiple endpoints are affected. The connected documents confirm vulnerability presence and exposure but do not pro...

7.5CVSS6.7AI score0.00629EPSS

Exploits0References6