28 matches found
SUSE CVE-2025-68943
Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order...
Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order
Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order...
CVE-2025-68943
Summary: Gitea before 1.21.8 exposes users’ login times by the lastlogintime sort on the Explore/Users page. Affected: Gitea (code.gitea.io/gitea) prior to 1.21.8, including related models/routers. Root cause: sorting logic allows inadvertent disclosure of login timestamps. Impact: disclosure of ...
CVE-2025-68943
Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order...
PT-2025-53441
Name of the Vulnerable Software and Affected Versions: Gitea versions prior to 1.21.8. Description: The software reveals user login times due to allowing sorting by last login time in the explore/users section. Recommendations: Update to version 1.21.8 or later...
CVE-2025-34441
AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...
CVE-2025-34441
AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...
CVE-2025-34441
CVE-2025-34441 affects AVideo versions prior to 20.1, exposing emails, usernames, admin status, and last login times via an unauthenticated public API endpoint, enabling user enumeration/privacy violations. Connected sources also describe unauthenticated RCE paths in AVideo 14.3.1+ through notify...
CVE-2025-34441
AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...
CVE-2025-34441 AVideo < 20.1 User Information Disclosure via Public API
AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...
PT-2025-51874
Name of the Vulnerable Software and Affected Versions: AVideo versions prior to 20.1. Description: AVideo versions prior to 20.1 have an issue where sensitive user information is exposed through an unauthenticated public API endpoint. The responses from this endpoint include emails, usernames,...
EUVD-2023-31237
Malicious code in bioql PyPI...
CVE-2023-27461
Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions...
CVE-2025-40632
Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered...
Successful user login events using PAT do not update last login date and are not added to the audit logs
Issue Summary: When users authenticate on Confluence, this should update the last login date as well as add new events to the audit log when full coverage is enabled for the Security category. Requests made with personal access tokens (PAT) for REST API won't create a new entry on...
CVE-2023-27461
Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions...
CVE-2023-27461
Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions...
CVE-2023-27461 WordPress When Last Login Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions...
WordPress Plugin When Last Login Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...