CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/04/30 8:55 p.m.•2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing authorization checks in the RegisterTemplates process. An attacker can access sensitive environment variables and configuration data by sending unauthenticated GET requests to the affected API...

8.7CVSS5.8AI score0.00309EPSS

Snyk•added 2026/04/30 8:55 p.m.•1 views

Missing Authorization

8.7CVSS5.8AI score0.00309EPSS

Snyk•added 2026/04/30 8:55 p.m.•6 views

Missing Authorization

8.7CVSS5.8AI score0.00309EPSS

Packet Storm•added 2026/04/24 12:0 a.m.•71 views

📄 Open WebUI 0.8.11 Information Disclosure

A potential access control issue was identified in Open WebUI where the Tools API and associated “valves” endpoints may expose sensitive configuration data when accessed with valid authentication tokens. The affected endpoints allow retrieval of tool metadata and configuration structures that may...

5.4AI score

Exploits0

CVE•added 2026/04/23 11:56 p.m.•12 views

CVE-2026-40431

SenseLive X3050 exposes management communications over unencrypted HTTP. The CVE-2026-40431 entry identifies cleartext transmission of authentication attempts and configuration data in the web management interface, enabling network-adjacent observers to intercept sensitive information. No explici...

6.9CVSS5.8AI score0.0019EPSS

Exploits0References3Affected Software1

CNNVD•added 2026/04/20 12:0 a.m.•8 views

Silex SD-330AC和Silex AMC Manager 安全漏洞

Silex SD-330AC and Silex AMC Manager are both products of the Japanese company Silex. Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. Silex AMC Manager is a management software used for centralized management of device serve...

6.9CVSS7.2AI score0.00277EPSS

Exploits0References1

Snyk•added 2026/04/15 12:11 p.m.•2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the /debugging/config/dump endpoint if there are second level Properties objects in the configuration. An attacker can obtain sensitive configuration details, including database credentials, by sending requests ...

7.5CVSS5.7AI score0.00544EPSS

OSV•added 2026/04/13 5:42 a.m.•4 views

BIT-KIBANA-2026-33461 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure

Incorrect Authorization CWE-863 in Kibana can lead to information disclosure via Privilege Abuse CAPEC-122. A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data, including private keys and authentication tokens, that should only be...

Positive Technologies•added 2026/04/13 12:0 a.m.•3 views

PT-2026-32432

Positive Technologies•added 2026/04/13 12:0 a.m.•2 views

PT-2026-32408

NVD•added 2026/04/12 1:16 p.m.•2 views

CVE-2019-25706

Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the...

8.7CVSS0.00535EPSS

CVE•added 2026/04/12 12:28 p.m.•4 views

CVE-2019-25706

The CVE-2019-25706 entry concerns Across DR-810 routers with an unauthenticated ROM-0 backup file disclosure. An unauthenticated GET request to the rom-0 endpoint allows remote attackers to download and decompress the ROM-0 backup, exposing sensitive configuration data (including router passwords...

8.7CVSS5.8AI score0.00535EPSS

Positive Technologies•added 2026/04/12 12:0 a.m.•4 views

PT-2026-32168

8.7CVSS5.8AI score0.00535EPSS

Exploits0References4

EUVD•added 2026/04/10 4:3 p.m.•1 views

EUVD-2026-21482

OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in...

7.7CVSS5.9AI score0.00382EPSS

Exploits1References2

CVE•added 2026/04/10 4:3 p.m.•16 views

CVE-2026-35668

OpenClaw contains a path traversal vulnerability in its sandbox enforcement prior to version 2026.3.24. The flaw allows sandboxed agents to read arbitrary files from other agents’ workspaces through unnormalized mediaUrl and fileUrl parameter keys, due to incomplete parameter validation in normal...

7.7CVSS5.9AI score0.00382EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2026/04/10 12:0 a.m.•4 views

PT-2026-31979

7.7CVSS5.9AI score0.00382EPSS

Exploits1References3

Snyk•added 2026/04/09 4:14 p.m.•1 views

Incorrect Authorization

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Incorrect Authorization via the Fleet internal API endpoint. An attacker can access sensitive configuration data, including privat...