CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

200 matches found

EUVD-2026-39190

Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory...

6.8CVSS5.8AI score0.00121EPSS

Exploits0References4

EUVD•added 3 days ago•7 views

EUVD-2026-38681

The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is due to the lb24blockenqueuescripts function being hooked to enqueueblockeditorassets and, for any non-administrator user, falling back to loading...

4.3CVSS5.8AI score0.0021EPSS

Exploits0References3

Github Security Blog•added 5 days ago•5 views

motionEye has an Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint

Summary motionEye v0.43.1 latest stable is vulnerable to path traversal in the picture and movie API endpoints, like /picture/id/preview/filename. Neither the API handlers, nor the mediafiles.py functions like getmediapreview check for .. sequences in the filename parameter, except getmediaconten...

6.5CVSS5.9AI score0.00418EPSS

Exploits0References2Affected Software1

AstraLinux•added 2026/06/19 11:10 a.m.•9 views

Astra Linux – Vulnerability in open-vm-tools

VMware Tools 12.0.0, 11.x.y, and 10.x.y contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the guest OS can escalate privileges as a root user in the virtual machine...

7.8CVSS7.1AI score0.00536EPSS

Exploits0References2

Vulnrichment•added 2026/06/12 9:3 p.m.•8 views

CVE-2026-47124 Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users...

6.5CVSS5.2AI score0.0027EPSS

Exploits0References1

EUVD•added 2026/06/12 8:8 p.m.•6 views

EUVD-2026-36580

An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...

5.3CVSS5.4AI score0.00207EPSS

Exploits0References1

RedhatCVE•added 2026/06/11 8:59 a.m.•8 views

CVE-2026-49157

Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...

8.8CVSS5.4AI score0.00424EPSS

Exploits0References1

CVE•added 2026/06/08 3:41 p.m.•24 views

CVE-2026-48507

Snipe-IT (IT asset/license management system) has a vulnerability affecting versions before 8.6.0. A non-admin user with only the granular users.edit permission can lock out admins by editing the activated flag (login eligibility) and the ldap_import flag (password reset requests). The issue is f...

7.1CVSS5.5AI score0.00194EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/06/08 12:0 a.m.•10 views

PT-2026-47559

Summary An authorization issue in the Scheduler API allowed authenticated non-admin users to create or modify scheduled actions that should be restricted to administrators. Details The Scheduler API did not correctly enforce administrator permissions when processing scheduler modifications. As a...

6.3CVSS5.7AI score

Exploits0References4

RedhatCVE•added 2026/06/05 7:12 p.m.•10 views

CVE-2026-39454

SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may b...

8.5CVSS7.4AI score0.00112EPSS

Exploits0References1

Vulnrichment•added 2026/06/02 2:8 p.m.•10 views

CVE-2026-9522

Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations...

5.8AI score0.00138EPSS

Exploits0References1

RedhatCVE•added 2026/06/01 10:3 p.m.•11 views

CVE-2026-44848

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints /plugins/ were not registered...

9.4CVSS5.7AI score0.00328EPSS

Exploits1References1

CVE•added 2026/06/01 4:52 p.m.•35 views

CVE-2026-45279

Nextcloud Server versions 31.0.0–31.0.13 and 32.0.0–32.0.3 are affected when {lang} is used in the template directory config value. Non-admin users can in some cases copy arbitrary files into their own Nextcloud directory via a path traversal, depending on Unix permissions. Impact is described as...

6.5CVSS5.9AI score0.00392EPSS

Exploits0References3Affected Software1

NVD•added 2026/06/01 9:16 a.m.•19 views

CVE-2026-49157

8.8CVSS0.00424EPSS

Exploits0References2

EUVD•added 2026/06/01 7:20 a.m.•13 views

EUVD-2026-33574

8.8CVSS5.8AI score0.00424EPSS

Exploits0References1

CNNVD•added 2026/06/01 12:0 a.m.•5 views

Apache ActiveMQ 权限许可和访问控制问题漏洞

Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a security vulnerability in Apache ActiveMQ, which stems from improper default Jolokia authorization...

8.8CVSS5.9AI score0.00424EPSS

Exploits0References2

Positive Technologies•added 2026/06/01 12:0 a.m.•14 views

PT-2026-45381

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.7 Apache ActiveMQ versions 6.0.0 through 6.2.5 Description Incorrect default permissions in Jolokia authorization settings allow authenticated low-privilege web-login accounts to access operations intende...

8.8CVSS5.9AI score0.00424EPSS

Exploits0References8

NVD•added 2026/05/29 6:17 p.m.•11 views

CVE-2026-45625

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eig...

9.9CVSS0.00387EPSS

Exploits0References1

EUVD•added 2026/05/29 5:7 p.m.•11 views

EUVD-2026-33370

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.2, the PUT /api/environments/id/templates/variables endpoint, which writes the system-wide .env.global file used for variable substitution in every project's compose file, is missing an admin...

8.8CVSS5.8AI score0.00245EPSS

Exploits0References1

Vulnrichment•added 2026/05/29 5:7 p.m.•8 views

CVE-2026-47125 Arcane: Missing admin authorization on global variables endpoint

8.8CVSS5.8AI score0.00245EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by