
49 matches found

NVD
added 2026/06/12 8:16 p.m. · 12 views

CVE-2026-42604

Actual is a local-first personal finance tool. The POST /openid/config endpoint in Actual Budget's sync-server versions = 26.4.0 exposes the full OpenID Connect configuration—including the OAuth2 clientsecret—to any caller who knows the bootstrap password. The endpoint also lacks authentication a...

CVSS 9.1 · EPSS 0.004
Exploits 0 · References 2

RedhatCVE
added 2026/06/05 7:15 p.m. · 11 views

CVE-2026-37526

AGL app-framework-binder afb-daemon through v19.90.0 allows any local process to execute privileged supervision commands Exit, Do, Sclose, Config, Trace, Debug, Token, slist without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The onsupervisioncall function in...

CVSS 7.8 · AI score 5.9 · EPSS 0.00123
Exploits 0 · References 1

NVD
added 2026/04/15 11:16 a.m. · 6 views

CVE-2026-30778

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...

CVSS 7.5 · EPSS 0.00544
Exploits 0 · References 2

Vulnrichment
added 2026/04/14 11:50 p.m. · 5 views

CVE-2026-40091 SpiceDB: SPICEDB_DATASTORE_CONN_URI is leaked on startup logs

SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions 1.49.0 through 1.51.0, when SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext password, inside...

CVSS 6 · AI score 5.8 · EPSS 0.00166
Exploits 0 · References 2

RedhatCVE
added 2026/03/26 5:0 p.m. · 3 views

CVE-2026-20115

A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by...

CVSS 6.1 · AI score 5.8 · EPSS 0.00152
Exploits 0 · References 1

Positive Technologies
added 2026/03/10 12:0 a.m. · 4 views

PT-2026-24614

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...

CVSS 7.5 · AI score 5.8 · EPSS 0.0111
Exploits 0 · References 4

Debian CVE
added 2026/03/07 8:51 a.m. · 5 views

CVE-2026-24308

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...

CVSS 7.5 · AI score 7.2 · EPSS 0.0111
Exploits 0

OSV
added 2026/02/24 8:27 p.m. · 6 views

CVE-2025-1787

Local admin could leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. Could be combined with CVE-2025-1789 to achieve low privilege...

CVSS 4.2 · AI score 5.8 · EPSS 0.00088
Exploits 0 · References 1

CVE
added 2026/02/24 6:44 p.m. · 13 views

CVE-2025-1787

CVE-2025-1787 concerns Genetec Update Service. A local, authenticated administrator could leak information from the service’s configuration web page, potentially enabling elevated privileges within the Genetec Update Service. The entry notes a possible combined impact with CVE-2025-1789 for low-p...

CVSS 8.8 · AI score 5.5 · EPSS 0.00088
Exploits 0 · References 1 · Affected Software 1

Tenable Nessus
added 2025/11/05 12:0 a.m. · 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988996)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988996 advisory. In the Linux kernel, the following vulnerability has been resolved: "nbd: fix race between nbd_alloc_config and module removal". When nbd module is being removing,...

CVSS 4.7 · AI score 5.7 · EPSS 0.00181
Exploits 0 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-4441

Malware in sbrugna...

CVSS 9.8 · AI score 9.2 · EPSS 0.01274
Exploits 0 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-23277

Malware in sbrugna...

CVSS 7.5 · AI score 7.4 · EPSS 0.01305
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2020-1960

Malware in sbrugna...

CVSS 3.3 · AI score 4.5 · EPSS 0.0015
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2019-7953

Malware in sbrugna...

CVSS 7.5 · AI score 7.6 · EPSS 0.01771
Exploits 0 · References 7

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2002-0306

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.01661
Exploits 0 · References 6

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2020-12496

Malware in sbrugna...

CVSS 5.3 · AI score 5.6 · EPSS 0.01264
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-29616

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.2 · EPSS 0.01089
Exploits 0 · References 2

Vulnrichment
added 2025/07/09 3:39 p.m. · 2 views

CVE-2025-53655

Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it...

AI score 7 · EPSS 0.00313
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 8:34 a.m. · 6 views

CVE-2019-19018

An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using...

CVSS 4 · AI score 7 · EPSS 0.00799
Exploits 1 · References 1

Positive Technologies
added 2025/05/08 12:0 a.m. · 4 views

PT-2025-20371 · Wf2220 · Wf2220

Name of the Vulnerable Software and Affected Versions: WF2220 version affected versions not specified
Description: The issue concerns an exposed endpoint "/cgi-bin-igd/netcore get.cgi" that returns the device's configuration to unauthorized users, including a cleartext password. The vendor was...

CVSS 8.7 · AI score 5.9 · EPSS 0.00195
Exploits 0 · References 9