29540 matches found

CVE
added 2026/04/21 5:12 p.m. | 8 views

CVE-2026-40588

The CVE-2026-40588 entry concerns blueprintUE: prior to version 4.2.0, its password change form at /profile/{slug}/edit/ lacks a current_password field and does not verify the existing password before applying a new one. If an attacker has a valid authenticated session (via XSS, session hijacking...

CVSS 8.1 | AI score 5.8 | EPSS 0.00036
Exploits 0 | References 1
Cvelist
added 2026/04/21 5:12 p.m. | 28 views

CVE-2026-40588 blueprintUE: Authenticated Password Change Does Not Verify Current Password

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at /profile/{slug}/edit/ does not include a current_password field and does not verify the user's existing password before accepting a new one. Any attacker who obtains a valid authenticated session —...

CVSS 8.1 | EPSS 0.00036
Exploits 0 | References 1
EUVD
added 2026/04/21 5:12 p.m. | 3 views

EUVD-2026-24205

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at /profile/{slug}/edit/ does not include a current_password field and does not verify the user's existing password before accepting a new one. Any attacker who obtains a valid authenticated session —...

CVSS 8.1 | AI score 5.8 | EPSS 0.00036
Exploits 0 | References 1
EUVD
added 2026/04/21 5:11 p.m. | 1 view

EUVD-2026-24203

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a user changes their password via the profile edit page, or when a password reset is completed via the reset link, neither operation invalidates existing authenticated sessions for that user. A server-side session store...

CVSS 6.5 | AI score 5.8 | EPSS 0.00037
Exploits 0 | References 1
CVE
added 2026/04/21 5:11 p.m. | 3 views

CVE-2026-40587

CVE-2026-40587 affects blueprintUE. Before 4.2.0, changing a password or completing a password reset does not invalidate existing sessions; server-side session store maps userID to sessions, and password updates modify only the users table, leaving active sessions usable. Result: an attacker with...

CVSS 6.5 | AI score 5.8 | EPSS 0.00037
Exploits 0 | References 1
CVE
added 2026/04/21 5:10 p.m. | 9 views

CVE-2026-40586

CVE-2026-40586 affects blueprintUE: prior to version 4.2.0, the login form handler does not throttle or rate-limit failed authentication attempts (no IP-based limits, no per-account counters, no temporary lockout, no tarpit, no CAPTCHA). This enables unlimited credential guessing attempts against...

CVSS 7.5 | AI score 5.8 | EPSS 0.00052
Exploits 0 | References 1
Vulnrichment
added 2026/04/21 5:10 p.m. | 1 view

CVE-2026-40586 blueprintUE: Login Endpoint Has No Rate Limiting, Lockout, or Brute-Force Protection

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...

CVSS 7.5 | AI score 5.8 | EPSS 0.00052
Exploits 0 | References 1
ATTACKERKB
added 2026/04/21 5:10 p.m. | 3 views

CVE-2026-40586

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...

CVSS 7.5 | AI score 5.8 | EPSS 0.00052
Exploits 0 | References 2 | Affected Software 1
EUVD
added 2026/04/21 5:10 p.m. | 5 views

EUVD-2026-24182

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...

CVSS 7.5 | AI score 5.8 | EPSS 0.00052
Exploits 0 | References 1
EUVD
added 2026/04/21 5:9 p.m. | 3 views

EUVD-2026-24181

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and stored alongside a passwordresetat timestamp. However, the token redemption function findUserIDFromEmailAndToken queries only for a matching...

CVSS 7.4 | AI score 5.8 | EPSS 0.00043
Exploits 0 | References 1
EUVD
added 2026/04/21 3:32 p.m. | 2 views

EUVD-2026-24120

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150...

CVSS 5.3 | AI score 5.8 | EPSS 0.00104
Exploits 0 | References 3
EUVD
added 2026/04/21 3:32 p.m. | 2 views

EUVD-2026-24095

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10...

CVSS 7.5 | AI score 5.8 | EPSS 0.00069
Exploits 0 | References 5
GithubExploit
added 2026/04/21 3:21 p.m. | 79 views

Exploit for CVE-2026-20180

Cisco ISE RCE: Advanced Exploitation and Remediation Analysis...

CVSS 10 | AI score 5.8 | EPSS 0.33482
Exploits 15
NVD
added 2026/04/21 1:16 p.m. | 3 views

CVE-2026-6779

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

CVSS 5.3 | EPSS 0.00104
Exploits 0 | References 3
NVD
added 2026/04/21 1:16 p.m. | 2 views

CVE-2026-6754

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

CVSS 7.5 | EPSS 0.00069
Exploits 0 | References 6
UbuntuCve
added 2026/04/21 1:16 p.m. | 3 views

CVE-2026-6779

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

CVSS 5.3 | AI score 5.8 | EPSS 0.00104
Exploits 0 | References 2
OSV
added 2026/04/21 1:16 p.m. | 3 views

UBUNTU-CVE-2026-6754

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

CVSS 7.5 | AI score 5.8 | EPSS 0.00069
Exploits 0 | References 4
UbuntuCve
added 2026/04/21 1:16 p.m. | 2 views

CVE-2026-6754

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

CVSS 7.5 | AI score 5.8 | EPSS 0.00069
Exploits 0 | References 3
OSV
added 2026/04/21 1:16 p.m. | 2 views

UBUNTU-CVE-2026-6779

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

CVSS 5.3 | AI score 5.8 | EPSS 0.00104
Exploits 0 | References 3
ATTACKERKB
added 2026/04/21 12:41 p.m. | 1 view

CVE-2026-6779

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

CVSS 5.3 | AI score 5.8 | EPSS 0.00104
Exploits 0 | References 4