CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/17 1:16 p.m.•16 views

CVE-2018-25332

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...

9.8CVSS0.00199EPSS

ATTACKERKB•added 2026/05/17 12:11 p.m.•7 views

CVE-2018-25332

Exploits1References4Affected Software1

EUVD•added 2026/05/17 12:11 p.m.•9 views

EUVD-2018-21853

CVE•added 2026/05/17 12:11 p.m.•13 views

CVE-2018-25332

CVE-2018-25332 - GitBucket 4.23.1 Unauthenticated Remote Code Execution Affected software: GitBucket 4.23.1. Vulnerability: An unauthenticated remote code execution flaw exists due to weak secret token generation and insecure file upload functionality. Adversaries can brute-force the Blowfish enc...

Exploits1References4Affected Software1

Vulnrichment•added 2026/05/17 12:11 p.m.•9 views

CVE-2018-25332 GitBucket 4.23.1 Unauthenticated Remote Code Execution

Cvelist•added 2026/05/17 12:11 p.m.•37 views

CVE-2018-25332 GitBucket 4.23.1 Unauthenticated Remote Code Execution

9.8CVSS0.00199EPSS

GithubExploit•added 2026/05/17 7:41 a.m.•46 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Security Lab "React2Shell" This repository c...

10CVSS6.1AI score0.82011EPSS

Exploits364

Tenable Nessus•added 2026/05/17 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-41051

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories. CVE-2026-41051 Note...

5.1CVSS5.5AI score0.00012EPSS

Exploits0References3

Positive Technologies•added 2026/05/17 12:0 a.m.•11 views

PT-2026-41558

Name of the Vulnerable Software and Affected Versions GitBucket version 4.23.1 Description An issue allows unauthenticated remote code execution through weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious J...

9.8CVSS6.5AI score0.00199EPSS

Exploits1References7

CNNVD•added 2026/05/17 12:0 a.m.•5 views

GitBucket 访问控制错误漏洞

GitBucket is an open-source Git code hosting platform based on Scala. Version 4.23.1 of GitBucket contains a vulnerability related to access control. This vulnerability stems from the generation of weak secret tokens and the insecure file upload feature, which may allow unauthenticated attackers ...

9.8CVSS6.1AI score0.00199EPSS

Veracode•added 2026/05/16 5:48 a.m.•11 views

Improper Access Control

getgrav/grav-plugin-api is vulnerable to Improper Access Control. The vulnerability is due to an insecure direct object reference and flawed permission update logic in UsersController::update, which allows an attacker to escalate privileges to Super Administrator and gain full system access...

8.8CVSS5.8AI score0.00053EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/05/15 10:10 p.m.•34 views

CVE-2026-8700 Crypt::DSA versions before 1.20 for Perl generate seeds using rand

Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage...

0.00016EPSS

Exploits0References2

NVD•added 2026/05/15 9:16 p.m.•7 views

CVE-2026-45385

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, an IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members including administrators within the same...

4.3CVSS0.00036EPSS

CVE•added 2026/05/15 9:3 p.m.•13 views

CVE-2026-44569

Open WebUI CVE-2026-44569 describes an IDOR in the channel messages management system. Before version 0.6.19, authenticated users could modify or delete any message in channels they can read because message ownership validation was missing in the backend update/delete endpoints, even though the f...

7.1CVSS5.8AI score0.00036EPSS

Exploits1References1Affected Software1

Cvelist•added 2026/05/15 9:3 p.m.•28 views

CVE-2026-44569 Open WebUI: Insecure Message Access Breaks Authorization

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.19, there's an IDOR in the channels message management system that allows authenticated users to modify or delete any message within channels they have read access to. The vulnerability...

7.1CVSS0.00036EPSS

Vulnrichment•added 2026/05/15 8:36 p.m.•5 views

CVE-2026-45386 Open WebUI: An IDOR vulnerability exists in the pin_channel_message API endpoint

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, Pin/Unpin is a write operation modifies the message's ispinned , pinnedby, pinnedat fields, but in standard channels it only checks read permission, allowing users with read-only...

4.3CVSS5.8AI score0.00036EPSS

Vulnrichment•added 2026/05/15 8:33 p.m.•7 views

CVE-2026-45396 Open WebUI: Mass Assignment via FeedbackForm extra=allow Allows Feedback User ID Spoofing and Evaluation Data Manipulation

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

5.4CVSS5.9AI score0.00043EPSS