CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

72 matches found

ATTACKERKB•added 2026/05/08 9:59 p.m.•3 views

CVE-2026-44987

SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled non-default, they can res...

3.8CVSS5.7AI score0.00025EPSS

Exploits0References3Affected Software1

NVD•added 2026/05/08 8:16 p.m.•9 views

CVE-2026-42176

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.67.0, Scoold allows the admins configuration value to be modified through /api/config/set/admins with a forged Bearer token that is accepted as an admin API token. Once that setting is changed, the target email address...

6.7CVSS0.00046EPSS

Exploits0References2

RedhatCVE•added 2026/02/12 1:43 p.m.•2 views

CVE-2025-15096

The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for...

8.8CVSS5.7AI score0.00021EPSS

Exploits0References1

ATTACKERKB•added 2026/01/15 7:28 p.m.•3 views

CVE-2026-23622

Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EASecurity.php::csrfverify only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from...

8.8CVSS5.5AI score0.00014EPSS

Exploits1References2Affected Software1

EUVD•added 2026/01/15 7:28 p.m.•2 views

EUVD-2026-2736

8.7CVSS6.2AI score0.00014EPSS

Exploits1References3

CVE•added 2026/01/12 2:54 p.m.•6 views

CVE-2025-41077

CVE-2025-41077 affects Viafirma Inbox v4.5.13 with an Insecure Direct Object Reference (IDOR) flaw. The vulnerability allows any authenticated, unprivileged user to list all users, access and modify their data (including emails) and then use password recovery to impersonate other users, potential...

8.6CVSS6.5AI score0.00042EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/01/09 11:58 a.m.•2 views

CVE-2018-19924

An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address...

6.1CVSS6.3AI score0.0024EPSS

Exploits1References1

NVD•added 2025/10/20 8:15 p.m.•4 views

CVE-2025-62527

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. This issue has been...

7.1CVSS0.00035EPSS

Exploits0References2

CVE•added 2025/10/16 6:44 p.m.•6 views

CVE-2025-62425

MAS (Matrix Authentication Service) is affected by a logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 that lets an attacker with access to an authenticated MAS session perform sensitive operations without entering the current password (e.g., changing the password, adding/removing ...

8.3CVSS6.4AI score0.00097EPSS

Exploits0References2

EUVD•added 2025/10/16 6:44 p.m.•2 views

EUVD-2025-34822

MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

8.3CVSS6.2AI score0.00097EPSS

Exploits0References2