CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/29 2:16 p.m.•10 views

CVE-2026-49317

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

2.4CVSS0.00143EPSS

CVE•added 2026/05/29 12:42 p.m.•13 views

CVE-2026-49317

The CVE CVE-2026-49317 affects the Infotainment Digital Round on the Indian Scout Bobber + Tech 2025 model year. The vulnerability arises when the boot window relies on Wireless Control Module (WCM) traffic as a proxy for immobilizer presence. If no WCM messages are observed (e.g., by silencing W...

2.4CVSS5.8AI score0.00143EPSS

CNNVD•added 2026/05/29 12:0 a.m.•7 views

Indian Motorcycle Scout Bobber + Tech 安全漏洞

The Indian Motorcycle Scout Bobber + Tech is a mid-level cruiser motorcycle produced by the Japanese company Indian Motorcycle. The Scout Bobber + Tech has a security vulnerability, which stems from an error in the behavior displayed on the Infotainment/Digital Round display. This error may allow...

2.4CVSS5.8AI score0.00143EPSS

CNNVD•added 2026/05/29 12:0 a.m.•6 views

Indian Motorcycle Scout Bobber + Tech 安全漏洞

The Indian Motorcycle Scout Bobber + Tech is a mid-level cruiser motorcycle produced by the Japanese Indian Motorcycle company. The 2025 version of the Indian Motorcycle Scout Bobber + Tech has security vulnerabilities. These vulnerabilities stem from an error in the behavior sequence of the...

2.4CVSS5.8AI score0.00143EPSS

Positive Technologies•added 2026/05/29 12:0 a.m.•6 views

PT-2026-44842

FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid client id is required. The validateClient method in ClientRepository.php unconditionally returns true,...

7.6CVSS5.8AI score0.00201EPSS

RedhatCVE•added 2026/05/28 8:12 p.m.•7 views

CVE-2025-68712

SpSoft AppLock com.sp.protector.free 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mechanisms, the lock is implemented with a custom overlay that fails to consistently enforce...

5.5CVSS5.8AI score0.00136EPSS

EUVD•added 2026/05/27 3:33 p.m.•8 views

EUVD-2026-32278

In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel...

9.3CVSS5.8AI score0.00662EPSS

CNNVD•added 2026/05/27 12:0 a.m.•7 views

Spsoft APPLOCK 安全漏洞

Spsoft APPLOCK is a mobile app lock developed by Spsoft Corporation. It uses a password and fingerprint for securing applications. Version 7.9.40 of Spsoft AppLock contains a security vulnerability. This vulnerability arises from the inconsistent execution of authentication processes by the custo...

5.5CVSS5.9AI score0.00136EPSS

Exploits0References4

Positive Technologies•added 2026/05/27 12:0 a.m.•6 views

PT-2026-43701

9.3CVSS5.9AI score0.00625EPSS

Schneier on Security•added 2026/05/26 3:2 p.m.•10 views

Identifying People Using Wi-Fi Routers

Not identifying people based on their use of Wi-Fi routers, but identifying people using Wi-Fi signals. This is accomplished through what is known as WiFi sensing, or the use of WiFi signals to infer information about a physical environment. When radio signals like WiFi travel through a space, th...

5.8AI score

Cvelist•added 2026/05/25 12:30 a.m.•31 views

CVE-2026-9410 Sushmi-pal Invoice-System Profile Workflow profile improper authorization

A vulnerability has been found in Sushmi-pal Invoice-System up to a0a3faa16dee2621b231ae227333f5761607283b. This vulnerability affects unknown code of the file /profile of the component Profile Workflow. Such manipulation of the argument ID leads to improper authorization. It is possible to launc...

5.3CVSS0.00257EPSS

Exploits0References4

Circl•added 2026/05/22 10:0 p.m.•3 views

CVE-2026-47373

creationtimestamp| type| source ---|---|--- 2026-05-22 22:00:43+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmhwoid5co26...

7.5CVSS5.8AI score0.00393EPSS

OSV•added 2026/05/22 1:16 p.m.•6 views

OESA-2026-2360 python-pip security update

%changelog Thu Apr 9 2026 yixiangzhike [email protected] - 23.3.1-10 - Fix CVE-2026-25645 Security Fixes: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavio...

4.6CVSS5.8AI score0.00144EPSS

OSV•added 2026/05/22 2:3 a.m.•0 views

ECHO-2DA5-FEA1-604D

Bulletin has no description...

8.8CVSS5.7AI score0.00601EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в opensc

A flaw was discovered in OpenSC packages that could allow for a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length PIN is passed. This issue poses a security risk, especially for OS...

6.6CVSS6.9AI score0.00925EPSS

OSV•added 2026/05/19 3:59 p.m.•3 views

MINI-H6PQ-HFVJ-H96Q

Bulletin has no description...

6.1CVSS5.7AI score0.001EPSS

OSV•added 2026/05/18 3:45 p.m.•2 views

MINI-GFQ6-W36R-F39C

Bulletin has no description...

5.3CVSS5.7AI score0.002EPSS