CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/20 7:35 p.m.•23 views

CVE-2026-9139 Taiko AG1000-01A Rev 7.3/8 Hard-coded Credentials via login.zhtml

9.8CVSS0.00156EPSS

EUVD•added 2026/05/20 7:35 p.m.•4 views

EUVD-2026-31179

9.8CVSS5.8AI score0.00156EPSS

ATTACKERKB•added 2026/04/29 8:13 a.m.•1 views

CVE-2026-42513

This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful exploitation of this...

8.8CVSS5.5AI score0.00426EPSS

CVE•added 2026/04/29 8:13 a.m.•8 views

CVE-2026-42513

CVE-2026-42513 affects e-Sushrut HMIS. The vulnerability stems from improper authentication logic that relies on client-side response parameters to determine login status, enabling a remote attacker to intercept and modify server responses to bypass authentication and gain unauthorized access to ...

8.8CVSS5.6AI score0.00426EPSS

Exploits0References1

Vulnrichment•added 2026/04/28 1:13 p.m.•2 views

CVE-2026-40551 Use of Client-Side Authentication in mpGabinet

mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the application binary and authenticate as an arbitrary user. This issue affects mpGabinet version 23.12.19...

Cvelist•added 2026/04/28 1:13 p.m.•24 views

CVE-2026-40551 Use of Client-Side Authentication in mpGabinet

8.4CVSS0.00027EPSS

CVE•added 2026/04/28 1:13 p.m.•2 views

CVE-2026-40551

mpGabinet is affected by a vulnerability where client-side authentication can be bypassed. An attacker with access to any application instance connected to the backend can manipulate the application binary to authenticate as an arbitrary user, bypassing login verification. Affected versions are 2...

EUVD•added 2026/04/28 1:13 p.m.•1 views

EUVD-2026-26045

CNNVD•added 2026/04/28 12:0 a.m.•2 views

BinSoft mpGabinet 安全漏洞

BinSoft mpGabinet is a medical clinic management system developed by the Polish company BinSoft. Versions of BinSoft mpGabinet prior to December 23, 2019, contained security vulnerabilities. These vulnerabilities stemmed from the execution of client-side authentication processes, which could allo...

8.4CVSS6AI score0.00027EPSS

Exploits0References1

Positive Technologies•added 2026/04/28 12:0 a.m.•0 views

PT-2026-35721

EUVD•added 2026/04/24 12:31 a.m.•0 views

EUVD-2026-25359

A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page could retrieve these...

9.8CVSS5.7AI score0.00099EPSS

Exploits0References4

NVD•added 2026/04/24 12:16 a.m.•1 views

CVE-2026-35503

9.8CVSS0.00099EPSS

CNNVD•added 2026/04/24 12:0 a.m.•4 views

SenseLive X3050 信任管理问题漏洞

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a trust management vulnerability. This vulnerability stems from the fact that the authentication logic in the web management interface is...

9.8CVSS5.8AI score0.00099EPSS

Exploits0References1

CVE•added 2026/04/23 11:50 p.m.•5 views

CVE-2026-35503

SenseLive X3050 vulnerable via its web management interface: authentication is performed client-side using hardcoded values in browser-executed scripts, enabling an attacker with access to the login page to retrieve exposed parameters and gain unauthorized administrative access. Base scores are C...

9.8CVSS5.7AI score0.00099EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/04/23 11:50 p.m.•27 views

CVE-2026-35503 SenseLive X3050 Use of Hard-coded Credentials

9.8CVSS0.00099EPSS