CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в 389-ds-base

A flaw was discovered in RHDS 11 and RHDS 12. While browsing entries using LDAP, the system attempts to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account where cockpit-389-ds is...

5.5CVSS6.1AI score0.00063EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в cloud-init

Sensitive data may have been exposed in cloud-init logs that are readable to the world before version 22.3, when schema failures were reported. This leakage could involve hashed passwords...

5.5CVSS6AI score0.00026EPSS

CNNVD•added 2026/04/15 12:0 a.m.•3 views

Apache::API::Password 安全漏洞

Apache::API::Password is a password management module provided by the Apache Foundation. Versions of Apache::API::Password up to v0.5.2 contained security vulnerabilities. These vulnerabilities stemmed from the use of an insecure random number generator for generating salts, which could compromis...

7.5CVSS5.7AI score0.00019EPSS

OSV•added 2026/04/14 1:47 p.m.•2 views

SUSE-SU-2026:21112-1 Security update for pam

This update for pam fixes the following issue: - CVE-2024-10041: libpam: vulnerable to read hashed password bsc1232234...

4.7CVSS6.6AI score0.00042EPSS

Exploits0References3

OSV•added 2026/04/14 1:47 p.m.•1 views

SUSE-SU-2026:21192-1 Security update for pam

This update for pam fixes the following issue: - CVE-2024-10041: libpam: vulnerable to read hashed password bsc1232234...

4.7CVSS5.8AI score0.00042EPSS

Exploits0References3

Positive Technologies•added 2026/03/11 12:0 a.m.•1 views

PT-2026-24736

In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the "admin" or "power" Splunk roles could access the /splunkd/...

6.5CVSS5.8AI score0.00048EPSS

NVD•added 2026/02/03 3:15 a.m.•4 views

CVE-2026-24933

The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to intercept the cleartext communication,...

8.9CVSS0.00011EPSS

Vulnrichment•added 2026/02/03 2:22 a.m.•2 views

CVE-2026-24933 An improper certificate validation vulnerability was found in ADM while sending HTTPS requests to the server.

8.9CVSS5.6AI score0.00011EPSS

RedhatCVE•added 2026/01/09 10:47 a.m.•8 views

CVE-2022-31177

Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The...

2.7CVSS6.5AI score0.00344EPSS

RedhatCVE•added 2026/01/09 9:51 a.m.•6 views

CVE-2020-10104

An issue was discovered in Zammad 3.0 through 3.2. After authentication, it transmits sensitive information to the user that may be compromised and used by an attacker to gain unauthorized access. Hashed passwords are returned to the user when visiting a certain URL...

4.3CVSS6.7AI score0.00323EPSS

RedhatCVE•added 2025/12/14 8:45 a.m.•2 views

CVE-2025-0969

The Brizy – Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.16 via the getusers function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including...

6.5CVSS5.7AI score0.00045EPSS

EUVD•added 2025/12/13 6:30 p.m.•1 views

EUVD-2025-203248

6.5CVSS5.2AI score0.00045EPSS

Exploits0References5

NVD•added 2025/12/13 4:16 p.m.•1 views

CVE-2025-0969

6.5CVSS0.00045EPSS

Cvelist•added 2025/12/13 8:21 a.m.•24 views

CVE-2025-0969 Brizy – Page Builder <= 2.7.16 - Authenticated (Contributor+) Sensitive Information Exposure via get_users Function

6.5CVSS0.00045EPSS

Vulnrichment•added 2025/12/13 8:21 a.m.•2 views

CVE-2025-0969 Brizy – Page Builder <= 2.7.16 - Authenticated (Contributor+) Sensitive Information Exposure via get_users Function

6.5CVSS5.3AI score0.00045EPSS

Positive Technologies•added 2025/12/13 12:0 a.m.•2 views

PT-2025-51096

The Brizy – Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.16 via the get users function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including...

6.5CVSS5.7AI score0.00045EPSS