CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6534 matches found

Cvelist•added 2026/03/02 11:22 p.m.•21 views

CVE-2026-1566 LatePoint <= 5.2.7 - Authenticated (Agent+) Privilege Escalation

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePoint Agent role, who are creating new customers to se...

8.8CVSS0.003EPSS

Exploits0References2

OSV•added 2026/03/02 12:16 p.m.•2 views

CVE-2025-58402

The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users...

7.5CVSS5.8AI score0.00215EPSS

Exploits0References2

OSV•added 2026/03/02 9:16 a.m.•2 views

CVE-2026-20435

In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:...

4.6CVSS5.9AI score0.00115EPSS

Exploits0References1

NVD•added 2026/03/02 9:16 a.m.•4 views

CVE-2026-20435

4.6CVSS0.00115EPSS

Exploits0References1

Cvelist•added 2026/03/02 8:39 a.m.•26 views

CVE-2026-20435

0.00115EPSS

Exploits0References1

CVE•added 2026/03/02 8:39 a.m.•73 views

CVE-2026-20435

In the preloader, a logic error enables reading device unique identifiers, potentially causing local information disclosure with physical access and no required privileges or user interaction. Patch ALPS10607099 / MSV-6118 is noted. Documents reference a Mediatek security bulletin; exploitation s...

4.6CVSS6.1AI score0.00115EPSS

Exploits0References1Affected Software5

ATTACKERKB•added 2026/03/02 8:39 a.m.•5 views

CVE-2026-20435

4.6CVSS6.1AI score0.00115EPSS

Exploits0References2

EUVD•added 2026/03/02 8:39 a.m.•2 views

EUVD-2026-9160

4.6CVSS6.1AI score0.00115EPSS

Exploits0References1

Vulnrichment•added 2026/03/02 8:39 a.m.•2 views

CVE-2026-20435

6.1AI score0.00115EPSS

Exploits0References1

Positive Technologies•added 2026/03/02 12:0 a.m.•3 views

PT-2026-26419

Summary In [email protected], sandbox network hardening blocks network=host but still allows network=container:. This can let a sandbox join another container's network namespace and reach services available in that namespace. Preconditions and Trust Model Context This issue requires a...

9.8CVSS5.8AI score0.00265EPSS

Exploits0References11

Positive Technologies•added 2026/03/02 12:0 a.m.•4 views

PT-2026-22560

Name of the Vulnerable Software and Affected Versions MediaTek chips affected versions not specified Description A logic error in the preloader component allows the reading of device unique identifiers. This can lead to local information disclosure if an attacker has physical access to the device...

4.6CVSS6AI score0.00115EPSS

Exploits0References21

Tenable Nessus•added 2026/03/01 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2025-40932

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator ...

8.2CVSS5.5AI score0.002EPSS

Exploits0References3

NVD•added 2026/02/28 10:16 p.m.•3 views

CVE-2026-28562

wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics::gettopics where the ORDER BY clause relies on ineffective escsql sanitization on unquoted identifiers. Attackers exploit the wpfob parameter with CASE WHEN payloads to perform blind boolean extraction of credentials...

9.8CVSS0.00428EPSS

Exploits0References3