93 matches found

Cvelist
added last week | 22 views

CVE-2026-45364 Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.4.17 and 1.5.0-beta.9, Better Auth's HTTP rate limiter keyed each request by the exact textual IP address it received in x-forwarded-for or the configured IP-bearing header. IPv6 clients controlling a typical /6...

CVSS 7.3 | EPSS 0.0007
Exploits: 0 | References: 5
CVE
added last week | 13 views

CVE-2026-45364

The CVE-2026-45364 issue affects Better Auth (TypeScript) where the HTTP rate limiter keyed by the leftmost x-forwarded-for value could be bypassed for IPv6. Before fixes, IPv6 prefix rotation (e.g., /64) and multiple textual representations could produce 2^64 distinct keys, letting an attacker p...

CVSS 7.3 | AI score 5.8 | EPSS 0.0007
Exploits: 0 | References: 5
OSV
added 2026/02/21 11:15 p.m. | 1 view

CVE-2026-2894

A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. The attack may be launched remotely. The exploit is publicly available and might...

CVSS 9.1 | AI score 5.4
Exploits: 0 | References: 5
RedhatCVE
added 2026/02/09 7:23 p.m. | 3 views

CVE-2026-2161

A vulnerability was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been made...

CVSS 9.8 | AI score 5.5 | EPSS 0.00015
Exploits: 1 | References: 1
NVD
added 2026/02/08 4:15 p.m. | 3 views

CVE-2026-2161

A vulnerability was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been made...

CVSS 9.8 | EPSS 0.00015
Exploits: 1 | References: 5
OSV
added 2026/02/08 4:15 p.m. | 0 views

CVE-2026-2161

A vulnerability was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been made...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 5
EUVD
added 2026/02/08 4:2 p.m. | 6 views

EUVD-2026-5788

A vulnerability was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been made...

CVSS 9.8 | AI score 7.1 | EPSS 0.00015
Exploits: 1 | References: 5
ATTACKERKB
added 2026/02/08 4:2 p.m. | 3 views

CVE-2026-2161

A vulnerability was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been made...

CVSS 7.5 | AI score 7.1 | EPSS 0.00015
Exploits: 1 | References: 5 | Affected Software: 1
Vulnrichment
added 2026/02/08 4:2 p.m. | 3 views

CVE-2026-2161 itsourcecode Directory Management System forget-password.php sql injection

A vulnerability was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been made...

CVSS 7.5 | AI score 5.5 | EPSS 0.00015
Exploits: 1 | References: 5
CVE
added 2026/02/08 4:2 p.m. | 5 views

CVE-2026-2161

The CVE-2026-2161 entry concerns itsourcecode Directory Management System 1.0, specifically a SQL injection in /admin/forget-password.php triggered by manipulating the email parameter. The issue is exploitable remotely, and public exploits exist. Connected sources consistently describe the vulner...

CVSS 9.8 | AI score 7.2 | EPSS 0.00015
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2026/02/08 4:2 p.m. | 35 views

CVE-2026-2161 itsourcecode Directory Management System forget-password.php sql injection

A vulnerability was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been made...

CVSS 7.5 | EPSS 0.00015
Exploits: 1 | References: 5
CNNVD
added 2026/02/08 12:0 a.m. | 2 views

itsourcecode Directory Management System SQL injection vulnerability

itsourcecode Directory Management System is an open-source directory management system developed by itsourcecode. Version 1.0 of the itsourcecode Directory Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the "email" parameter in the file...

CVSS 9.8 | AI score 7.2 | EPSS 0.00015
Exploits: 1 | References: 6
RedhatCVE
added 2026/01/01 10:28 p.m. | 5 views

CVE-2025-15398

A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...

CVSS 6.3 | AI score 4.6 | EPSS 0.00027
Exploits: 1 | References: 1
EUVD
added 2026/01/01 12:31 a.m. | 3 views

EUVD-2025-206105

A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...

CVSS 6.3 | AI score 6.1 | EPSS 0.00027
Exploits: 1 | References: 6
OSV
added 2025/12/31 10:15 p.m. | 1 view

CVE-2025-15398

A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...

CVSS 8.1 | AI score 6.6
Exploits: 0 | References: 5
Cvelist
added 2025/12/31 10:2 p.m. | 24 views

CVE-2025-15398 Uasoft badaso Token BadasoAuthController.php forgetPassword password recovery

A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...

CVSS 6.3 | EPSS 0.00027
Exploits: 1 | References: 5
Vulnrichment
added 2025/12/31 10:2 p.m. | 1 view

CVE-2025-15398 Uasoft badaso Token BadasoAuthController.php forgetPassword password recovery

A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...

CVSS 6.3 | AI score 6.3 | EPSS 0.00027
Exploits: 1 | References: 5
Positive Technologies
added 2025/12/31 12:0 a.m. | 0 views

PT-2025-54460

Name of the Vulnerable Software and Affected Versions: Uasoft badaso versions up to 2.9.7. Description: A security issue exists in Uasoft badaso up to version 2.9.7 related to weak password recovery. The forgetPassword function within the src/Controllers/BadasoAuthController.php file of the Token...

CVSS 6.3 | AI score 6 | EPSS 0.00027
Exploits: 1 | References: 10
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-25218

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.5 | EPSS 0.00069
Exploits: 1 | References: 5
Tenable Nessus
added 2025/09/10 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-47373

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password...

CVSS 6.4 | AI score 6.1 | EPSS 0.00665
Exploits: 0 | References: 2