
41 matches found

CVE
added 2026/04/28 8:11 p.m., 13 views

CVE-2026-41649

Outline's shares.create in versions up to 1.7.0 has an insecure direct object reference when both collectionId and documentId are supplied; authorization checks only the collection, enabling authenticated users to generate a public share link for any document (even in other workspaces) and access...

7.7 CVSS, 5.3 AI score, 0.00036 EPSS
Exploits: 1, References: 3, Affected Software: 1
RedhatCVE
added 2026/03/07 1:44 a.m., 1 views

CVE-2026-29077

Frappe is a full-stack web application framework. Prior to versions 15.98.0 and 14.100.0, due to a lack of validation when sharing documents, a user could share a document with a permission that they themselves didn't have. This issue has been patched in versions 15.98.0 and 14.100.0...

7.1 CVSS, 5.7 AI score, 0.0007 EPSS
Exploits: 0, References: 1
NVD
added 2026/03/05 9:16 p.m., 2 views

CVE-2026-29077

Frappe is a full-stack web application framework. Prior to versions 15.98.0 and 14.100.0, due to a lack of validation when sharing documents, a user could share a document with a permission that they themselves didn't have. This issue has been patched in versions 15.98.0 and 14.100.0...

7.1 CVSS, 0.0007 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/03/05 8:22 p.m., 0 views

CVE-2026-29077

Frappe is a full-stack web application framework. Prior to versions 15.98.0 and 14.100.0, due to a lack of validation when sharing documents, a user could share a document with a permission that they themselves didn't have. This issue has been patched in versions 15.98.0 and 14.100.0...

7.1 CVSS, 5.8 AI score, 0.0007 EPSS
Exploits: 0, References: 2, Affected Software: 1
EUVD
added 2026/03/05 8:22 p.m., 2 views

EUVD-2026-9882

Frappe is a full-stack web application framework. Prior to versions 15.98.0 and 14.100.0, due to a lack of validation when sharing documents, a user could share a document with a permission that they themselves didn't have. This issue has been patched in versions 15.98.0 and 14.100.0...

7.1 CVSS, 5.8 AI score, 0.0007 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/03/05 12:0 a.m., 2 views

Frappe Security Vulnerability

Frappe is a web development framework based on Python and Mariadb, with integrated front-end pages, developed by the Indian company Frappe. Versions of Frappe prior to 15.98.0 and 14.100.0 have security vulnerabilities. These vulnerabilities stem from a lack of validation when sharing documents,...

7.1 CVSS, 5.8 AI score, 0.0007 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/03/05 12:0 a.m., 2 views

PT-2026-23508

Name of the Vulnerable Software and Affected Versions: Frappe versions prior to 15.98.0; Frappe versions prior to 14.100.0. Description: Frappe is a full-stack web application framework. A flaw exists due to insufficient validation during document sharing, potentially allowing a user to share a...

7.1 CVSS, 5.8 AI score, 0.0007 EPSS
Exploits: 0, References: 4
OSV
added 2026/02/11 8:25 p.m., 2 views

CVE-2025-64487 Outline is vulnerable to privilege escalation vulnerability in document sharing

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in...

7.6 CVSS, 5.5 AI score, 0.00015 EPSS
Exploits: 0, References: 4
Cvelist
added 2026/02/11 8:25 p.m., 21 views

CVE-2025-64487 Outline is vulnerable to privilege escalation vulnerability in document sharing

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in...

7.6 CVSS, 0.00015 EPSS
Exploits: 0, References: 2
The Hacker News
added 2025/12/29 9:44 a.m., 5 views

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Cybersecurity researchers have disclosed details of what has been described as a "sustained and targeted" spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft. The activity, which involved uploading 27 npm packages from six differen...

6.5 AI score
Exploits: 0
OSV
added 2025/12/20 11:36 a.m., 3 views

BIT-ELK-2025-68386 Kibana Improper Authorization

Improper Authorization CWE-285 in Kibana can lead to privilege escalation CAPEC-233 by allowing an authenticated user to change a document's sharing type to "global," even though they do not have permission to do so, making it visible to everyone in the space via a crafted HTTP request...

4.3 CVSS, 6.8 AI score, 0.00026 EPSS
Exploits: 0, References: 2
EUVD
added 2025/12/19 12:31 a.m., 1 views

EUVD-2025-204406

Improper Authorization CWE-285 in Kibana can lead to privilege escalation CAPEC-233 by allowing an authenticated user to change a document's sharing type to "global," even though they do not have permission to do so, making it visible to everyone in the space via a crafted HTTP request...

4.3 CVSS, 6.3 AI score, 0.00026 EPSS
Exploits: 0, References: 2
CVE
added 2025/12/18 10:21 p.m., 5 views

CVE-2025-68386

CVE-2025-68386 — Kibana: A vulnerability described as Improper Authorization (CWE-285) could allow an authenticated user to escalate privileges by changing a document’s sharing type to “global” via a crafted HTTP request, making it visible to everyone in the space. The issue arises from insuffic...

4.3 CVSS, 6.5 AI score, 0.00026 EPSS
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2025/12/18 12:0 a.m., 2 views

PT-2025-52371

Name of the Vulnerable Software and Affected Versions: Kibana affected versions not specified. Description: An improper authorization issue exists in Kibana that can lead to privilege escalation. An authenticated user can modify a document's sharing type to "global" without the necessary permissions...

4.3 CVSS, 6.2 AI score, 0.00026 EPSS
Exploits: 0, References: 6
Fedora
added 2024/12/17 4:1 a.m., 12 views

[SECURITY] Fedora 41 Update: python-notebook-7.3.1-1.fc41

The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...

6.1 CVSS, 6.8 AI score, 0.00172 EPSS
Exploits: 1
Exploit DB
added 2024/01/31 12:0 a.m., 261 views

RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC

RoyalTSX 6.0.1 RTSZ File Handling Heap Memory Corruption PoC
Vendor: Royal Apps GmbH
Web page: https://www.royalapps.com
Affected version: 6.0.1.1000 macOS
Summary: Royal TS is an ideal tool for system engineers and other IT professionals who need remote access to systems with different protocols...

7.4 AI score
Exploits: 0
OSV
added 2023/09/19 9:15 a.m., 0 views

CVE-2023-41387

A SQL injection in the flutterdownloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and...

9.1 CVSS, 6 AI score
Exploits: 0, References: 2
Exploit DB
added 2023/05/31 12:0 a.m., 350 views

Pydio Cells 4.1.2 - Unauthorised Role Assignments

Exploit Title: Pydio Cells 4.1.2 - Unauthorised Role Assignments
Affected Versions: 4.1.2 and earlier versions
Fixed Versions: 4.2.0, 4.1.3, 3.0.12
Vulnerability Type: Privilege Escalation
Security Risk: high
Vendor URL: https://pydio.com/
Vendor Status: notified
Advisory URL:...

8.8 CVSS, 7 AI score, 0.53811 EPSS
Exploits: 6
0day.today
added 2023/05/31 12:0 a.m., 320 views

Pydio Cells 4.1.2 - Unauthorised Role Assignments Vulnerability

Exploit Title: Pydio Cells 4.1.2 - Unauthorised Role Assignments
Affected Versions: 4.1.2 and earlier versions
Fixed Versions: 4.2.0, 4.1.3, 3.0.12
Vulnerability Type: Privilege Escalation
Security Risk: high
Vendor URL: https://pydio.com/
Vendor Status: notified
Advisory URL:...

8.8 CVSS, 7.1 AI score, 0.53811 EPSS
Exploits: 6
0day.today
added 2023/05/31 12:0 a.m., 339 views

Pydio Cells 4.1.2 - Cross-Site Scripting via File Download Vulnerability

Exploit Title: Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download
Affected Versions: 4.1.2 and earlier versions
Fixed Versions: 4.2.0, 4.1.3, 3.0.12
Vulnerability Type: Cross-Site Scripting
Security Risk: high
Vendor URL: https://pydio.com/
Vendor Status: notified
Advisory URL:...

5.4 CVSS, 7.1 AI score, 0.01343 EPSS
Exploits: 4