CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

108 matches found

EUVD•added 2026/05/05 5:58 p.m.•2 views

EUVD-2026-25417

Codechecker has an authentication bypass for certain API calls...

10CVSS5.8AI score0.00028EPSS

Exploits0References2

Snyk•added 2026/05/05 5:58 p.m.•4 views

Incorrect Authorization

Overview codechecker is an analyzer tooling, defect database and viewer extension Affected versions of this package are vulnerable to Incorrect Authorization via the Authentication endpoint functions, including getAuthorisedNames, getPermissionsForUser, hasPermission, addPermission, and...

10CVSS5.8AI score0.00028EPSS

Exploits0References3

vulnersOsv•added 2026/05/05 5:58 p.m.•2 views

uncross (>=0.0.1 <=0.1.1) potentially affected by CVE-2026-25660 via codechecker (=6.27.3)

codechecker PYPI version =6.27.3 is affected by a known vulnerability. The following packages have a transitive dependency on codechecker and may be impacted: - uncross =0.0.1, =0.1.1 Source cves: CVE-2026-25660 Source advisory: OSV:GHSA-4V9X-CQC5-J645...

10CVSS5.8AI score0.00028EPSS

Exploits0

Github Security Blog•added 2026/05/05 5:58 p.m.•4 views

Codechecker has an authentication bypass for certain API calls

Summary Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permissions to any existing user in CodeChecker. Details The following functions are affected under the Authentication endpoint: getAuthorisedNames,...

10CVSS6AI score0.00028EPSS

Exploits0References3Affected Software1

vulnersOsv•added 2026/05/05 5:58 p.m.•2 views

uncross (>=0.0.1 <=0.1.1) potentially affected by CVE-2026-25660 via codechecker (=6.27.3)

10CVSS5.8AI score0.00028EPSS

Exploits0

OSV•added 2026/05/05 5:58 p.m.•2 views

GHSA-4V9X-CQC5-J645 Codechecker has an authentication bypass for certain API calls

10CVSS6AI score0.00028EPSS

Exploits0References3

NVD•added 2026/04/24 2:16 p.m.•3 views

CVE-2026-25660

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permission to any user existing in...

10CVSS0.00028EPSS

Exploits0References1

Vulnrichment•added 2026/04/24 1:10 p.m.•3 views

CVE-2026-25660 Authentication bypass for certain API calls

10CVSS5.4AI score0.00028EPSS

Exploits0References1

ATTACKERKB•added 2026/04/24 1:10 p.m.•1 views

CVE-2026-25660

10CVSS5.4AI score0.00028EPSS

Exploits0References2

CVE•added 2026/04/24 1:10 p.m.•8 views

CVE-2026-25660

CVE-2026-25660 affects CodeChecker (analyzer tooling, defect DB, and viewer extension for Clang Static Analyzer and Clang-Tidy) up to version 6.27.3. The issue is an authentication bypass triggered when the URL ends with certain function calls, allowing assignment of arbitrary permissions to any ...

10CVSS5.4AI score0.00028EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/04/24 1:10 p.m.•23 views

CVE-2026-25660 Authentication bypass for certain API calls

10CVSS0.00028EPSS

Exploits0References1

CNNVD•added 2026/04/24 12:0 a.m.•4 views

CodeChecker 安全漏洞

CodeChecker is an open-source analysis tool developed by Ericsson, which includes Clang Static Analyzer and Clang Tidy. It also provides a database of defects and extensions for viewers. Versions of CodeChecker prior to 6.27.3 contained security vulnerabilities. These vulnerabilities stemmed from...

10CVSS5.9AI score0.00028EPSS

Exploits0References1

Positive Technologies•added 2026/04/24 12:0 a.m.•2 views

PT-2026-34878

Name of the Vulnerable Software and Affected Versions CodeChecker versions prior to 6.27.4 Description An authentication bypass exists in CodeChecker, an analyzer tooling, defect database, and viewer extension for the Clang Static Analyzer and Clang Tidy. The issue occurs when the URL ends with...

10CVSS5.8AI score0.00028EPSS

Exploits0References5

RedhatCVE•added 2026/01/07 9:18 a.m.•14 views

CVE-2025-1300

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. The CodeChecker web server contains an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL. This results in bypassin...

7.4CVSS6.9AI score0.01395EPSS

Exploits0References1

Veracode•added 2025/11/05 8:40 a.m.•4 views

Buffer Overflow

CodeChecker is vulnerable to Buffer Overflow. The vulnerability is due to unsafe handling of input when executing the CodeChecker log command, and attackers can exploit this by supplying crafted log data to cause memory corruption and potentially achieve code execution...

7.8CVSS7.3AI score0.00024EPSS

Exploits1References4Affected Software1

RedhatCVE•added 2025/10/29 10:14 p.m.•5 views

CVE-2025-40843

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. This issue affects...

7.8CVSS7.2AI score0.00024EPSS

Exploits1References1

PyPA•added 2025/10/28 7:15 p.m.•7 views

PYSEC-2025-100

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldloggerlibrary, which is executed by the CodeChecker logcommand.This issue affects...

7.8CVSS6AI score0.00024EPSS

Exploits1References1Affected Software1

OSV•added 2025/10/28 7:15 p.m.•3 views

CVE-2025-40843

7.8CVSS7.3AI score

Exploits0References1

OSV•added 2025/10/28 7:15 p.m.•2 views

PYSEC-2025-100

7.8CVSS6AI score0.00024EPSS

Exploits1References1

NVD•added 2025/10/28 7:15 p.m.•3 views

CVE-2025-40843