219746 matches found

hivepro
added 2026/05/07 4:45 a.m., 9 views

Cyber Insurance Requirements for Cybersecurity

Cyber Insurance Requirements for Cybersecurity Cyber insurance requirements cybersecurity teams face today are stricter than they were even a few years ago. Underwriters no longer accept a simple security questionnaire and a list of tools. They want evidence that your organization can identify...

AI score: 5.9
Exploits: 0
NVD
added 2026/05/07 4:16 a.m., 15 views

CVE-2026-41658

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio inventory module enforces authorization for destructive operations delete, retire, reinstate only in the UI layer by conditionally rendering buttons. The backend POST handlers at modules/inventory.php for...

CVSS: 6.5, EPSS: 0.00227
Exploits: 0, References: 2
EUVD
added 2026/05/07 3:24 a.m., 8 views

EUVD-2026-28294

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version 0.31.8.0, the auth filter has the deactivated/banned user check commented out. This issue has been patched in version...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00269
Exploits: 0, References: 2
EUVD
added 2026/05/07 2:58 a.m., 15 views

EUVD-2026-28266

Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...

CVSS: 4.9, AI score: 5.8, EPSS: 0.00322
Exploits: 0, References: 2
SUSE CVE
added 2026/05/07 2:22 a.m., 6 views

SUSE CVE-2026-25588

RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...

CVSS: 7.5, AI score: 6.2, EPSS: 0.01029
Exploits: 0, References: 3
SUSE CVE
added 2026/05/07 2:22 a.m., 6 views

SUSE CVE-2026-25589

RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...

CVSS: 7.5, AI score: 6.2, EPSS: 0.01206
Exploits: 0, References: 3
SUSE CVE
added 2026/05/07 2:17 a.m., 7 views

SUSE CVE-2026-43194

In the Linux kernel, the following vulnerability has been resolved: net: consume xmit errors of GSO frames. udpgro_frglist.sh and udpgro_bench.sh are the flakiest tests currently in NIPA. They fail in the same exact way, TCP GRO test stalls occasionally and the test gets killed after 10min. These...

AI score: 5.8, EPSS: 0.00533
Exploits: 0, References: 3
SUSE CVE
added 2026/05/07 2:17 a.m., 8 views

SUSE CVE-2026-43218

In the Linux kernel, the following vulnerability has been resolved: media: i2c/tw9903: Fix potential memory leak in tw9903_probe. In one of the error paths in tw9903_probe, the memory allocated in v4l2_ctrl_handler_init and v4l2_ctrl_new_std is not freed. Fix that by calling v4l2_ctrl_handler_free on the...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00128
Exploits: 0, References: 3
Snyk
added 2026/05/07 2:9 a.m., 10 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via improper validation of the supi path parameter in multiple GET handlers. An attacker can obtain internal infrastructure details, including hostnames, ports, and API paths, by injecting control characters into th...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00324
Exploits: 1, References: 2
OSV
added 2026/05/07 1:58 a.m., 5 views

GHSA-6RGM-GR97-X3J5 Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI

Summary: PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI. Details: In NewServer, the smPolicyGroup route group is created and routes are applied without attaching the router authorization middleware. In...

CVSS: 8.2, AI score: 5.8, EPSS: 0.00323
Exploits: 1, References: 6
Github Security Blog
added 2026/05/07 1:58 a.m., 9 views

Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI

Summary: PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI. Details: In NewServer, the smPolicyGroup route group is created and routes are applied without attaching the router authorization middleware. In...

CVSS: 8.2, AI score: 5.8, EPSS: 0.00323
Exploits: 1, References: 6, Affected Software: 1
OSV
added 2026/05/07 1:56 a.m., 3 views

GHSA-3V3M-WC6V-X4X3 ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction

Summary There is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server's Server-Side Apply dry-run mechanism. Details Argo CD masks Secret...

CVSS: 9.6, AI score: 5.8, EPSS: 0.00379
Exploits: 2, References: 3
Github Security Blog
added 2026/05/07 1:26 a.m., 9 views

Fleet: Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering

Impact Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their GitRepo. Helm lookup bypass: The Helm template...

CVSS: 9.9, AI score: 5.8, EPSS: 0.00379
Exploits: 0, References: 4, Affected Software: 1
Snyk
added 2026/05/07 12:59 a.m., 5 views

External Control of File Name or Path

Overview github.com/gotenberg/gotenberg/v7/pkg/modules/chromium is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert...

CVSS: 6.9, AI score: 5.9, EPSS: 0.00311
Exploits: 1, References: 3
Snyk
added 2026/05/07 12:59 a.m., 4 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...

CVSS: 6.9, AI score: 5.9, EPSS: 0.00311
Exploits: 1, References: 3
Snyk
added 2026/05/07 12:59 a.m., 6 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...

CVSS: 6.9, AI score: 5.9, EPSS: 0.00311
Exploits: 1, References: 3
Snyk
added 2026/05/07 12:59 a.m., 5 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...

CVSS: 6.9, AI score: 5.9, EPSS: 0.00311
Exploits: 1, References: 3
Snyk
added 2026/05/07 12:59 a.m., 6 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...

CVSS: 6.9, AI score: 5.9, EPSS: 0.00311
Exploits: 1, References: 3
Snyk
added 2026/05/07 12:8 a.m., 6 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the processing of search queries involving has_parent or has_child join relations when document-level security is enabled. An attacker can gain unauthorized access to restricted document contents by crafting...

CVSS: 6, AI score: 5.8
Exploits: 0, References: 2
CNNVD
added 2026/05/07 12:0 a.m., 8 views

WordPress plugin PDF Poster Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00182
Exploits: 0, References: 1