CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2396 matches found

D-Link DIR-803 - Authentication Bypass

An authentication bypass vulnerability exists in D-Link DIR-803 routers firmware A1 1.04 and earlier. By manipulating the AUTHORIZEDGROUP parameter in /getcfg.php via newline injection, an attacker can retrieve XML configuration containing administrator credentials without authentication. id:...

7.5CVSS6.5AI score0.03559EPSS

Exploits1References3

NVD•added yesterday•6 views

CVE-2025-33128

IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

5.4CVSS

Exploits0References1

ATTACKERKB•added yesterday•2 views

CVE-2026-8059

IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

6.1CVSS5.5AI score

Exploits0References2Affected Software2

Cvelist•added yesterday•18 views

CVE-2026-8059 Multiple Vulnerabilities in IBM Datacap

6.1CVSS

Exploits0References1

Cvelist•added yesterday•15 views

CVE-2026-11372 IBM TRIRIGA Cross-Site Scripting Vulnerability

IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4CVSS

Exploits0References1

Nuclei•added yesterday•19 views

Kaseya VSA < 9.5.7 - Credential Disclosure via Windows Agent

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client...

10CVSS7.5AI score0.8323EPSS

Exploits1References5

Nuclei•added 2 days ago•22 views

Crestron Device - Credentials Disclosure

An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname...

10CVSS7.3AI score0.75711EPSS

Exploits5References5

Cvelist•added 2026/06/15 11:56 p.m.•26 views

CVE-2026-12162

Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain...

0.00112EPSS

Exploits0References1

Positive Technologies•added 2026/06/15 12:0 a.m.•15 views

PT-2026-49550

5.2AI score0.00112EPSS

Exploits0References2

Cvelist•added 2026/06/12 10:19 p.m.•32 views

CVE-2026-12068 Avira Password Manager credential disclosure via cross-origin autofill in Firefox

Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when...

7.4CVSS0.00263EPSS

Exploits0References1

Vulnrichment•added 2026/06/12 10:19 p.m.•5 views

CVE-2026-12068 Avira Password Manager credential disclosure via cross-origin autofill in Firefox

7.4CVSS5.4AI score0.00263EPSS

Exploits0References1

CVE•added 2026/06/12 10:19 p.m.•40 views

CVE-2026-12068

CVE-2026-12068 describes an information disclosure in Avira Password Manager when used with Mozilla Firefox across Windows, macOS, and Linux. A remote attacker in a cross-origin iframe can cause incorrect autofill field selection to reveal credentials autofilled on the parent page. Affected compo...

7.4CVSS5.4AI score0.00263EPSS

Exploits0References1

RedhatCVE•added 2026/06/09 8:59 p.m.•7 views

CVE-2026-39908

OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application...

7.1CVSS5.5AI score0.0054EPSS

Exploits0References1

NVD•added 2026/06/08 5:16 p.m.•8 views

CVE-2026-39908

7.1CVSS0.0054EPSS

Exploits0References2

ATTACKERKB•added 2026/06/08 4:47 p.m.•5 views

CVE-2026-39908

7.1CVSS5.5AI score0.0054EPSS

Exploits0References3

Cvelist•added 2026/06/08 4:47 p.m.•33 views

CVE-2026-39908 OpenBullet2 0.3.2 NTLMv2 Hash Disclosure via UNC Path Proxy Source

7.1CVSS0.0054EPSS

Exploits0References2

CVE•added 2026/06/08 4:47 p.m.•18 views

CVE-2026-39908

OpenBullet2 ≤ v0.3.2 on Windows suffers a credential disclosure via a UNC-path proxy source. When a job loads proxies from an attacker-controlled UNC path, an SMB authentication occurs and reveals the NTLMv2 hash of the process user, enabling relay or offline cracking. Affected component is the p...

7.1CVSS5.6AI score0.0054EPSS

Exploits0References2

RedhatCVE•added 2026/06/05 7:23 p.m.•7 views

CVE-2026-25550

Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The service registers an unauthenticated singleton endpoint — BarTenderSystem for BarTender 2016 = R9, and...

9.8CVSS6.5AI score0.00729EPSS

Exploits0References1

ATTACKERKB•added 2026/06/04 5:13 p.m.•9 views

CVE-2026-25550

9.8CVSS6.5AI score0.00729EPSS

Exploits0References3