89 matches found

Veracode
added 2026/05/27 9:11 a.m. · 6 views

Improper Access Control

@delmaredigital/payload-puck is vulnerable to Improper Access Control. The vulnerability is due to the use of Payload's local API with overrideAccess: true in /api/puck/ CRUD endpoints, which allows an attacker to bypass collection-level access controls and perform unauthorized actions...

9.8 CVSS · 5.8 AI score · 0.00071 EPSS
Exploits 1 · References 3 · Affected Software 1
OSV
added 2026/04/08 12:15 a.m. · 0 views

GHSA-65W6-PF7X-5G85 @delmaredigital/payload-puck is missing authorization on /api/puck/* CRUD endpoints allows unauthenticated access to Puck-registered collections

Impact: All /api/puck/ CRUD endpoint handlers registered by createPuckPlugin called Payload's local API with the default overrideAccess: true, bypassing all collection-level access control. The access option passed to createPuckPlugin and any access rules defined on Puck-registered collections wer...

9.4 CVSS · 6 AI score · 0.00071 EPSS
Exploits 1 · References 5
NVD
added 2026/04/07 9:17 p.m. · 1 views

CVE-2026-39397

@delmaredigital/payload-puck is a PayloadCMS plugin for integrating Puck visual page builder. Prior to 0.6.23, all /api/puck/ CRUD endpoint handlers registered by createPuckPlugin called Payload's local API with the default overrideAccess: true, bypassing all collection-level access control. The...

9.8 CVSS · 0.00071 EPSS
Exploits 1 · References 3
ATTACKERKB
added 2026/04/07 8:9 p.m. · 0 views

CVE-2026-39397

@delmaredigital/payload-puck is a PayloadCMS plugin for integrating Puck visual page builder. Prior to 0.6.23, all /api/puck/ CRUD endpoint handlers registered by createPuckPlugin called Payload's local API with the default overrideAccess: true, bypassing all collection-level access control. The...

9.4 CVSS · 5.9 AI score · 0.00071 EPSS
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2026/04/07 12:0 a.m. · 2 views

PT-2026-31018

Name of the Vulnerable Software and Affected Versions: @delmaredigital/payload-puck versions prior to 0.6.23. Description: The @delmaredigital/payload-puck plugin for PayloadCMS, a visual page builder integration, had a critical issue where access control was bypassed. Specifically, all CRUD endpoin...

9.4 CVSS · 5.9 AI score · 0.00071 EPSS
Exploits 1 · References 12
CNNVD
added 2023/12/05 12:0 a.m. · 1 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a file override access vulnerability in the Settings application. Successful exploitati...

5.5 CVSS · 5.6 AI score · 0.00038 EPSS
Exploits 0 · References 4
CNNVD
added 2023/06/05 12:0 a.m. · 1 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that originates from a public interface method in the WMS being called by a malicious three-way app,...

5.3 CVSS · 5.8 AI score · 0.00075 EPSS
Exploits 0 · References 3
CNNVD
added 2023/06/05 12:0 a.m. · 2 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that originates from a public interface method in the WMS being called by a malicious three-way app,...

5.3 CVSS · 5.8 AI score · 0.00075 EPSS
Exploits 0 · References 3
Positive Technologies
added 2022/03/22 12:0 a.m. · 1 views

PT-2022-2057 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions 1.0.0 and earlier; Argo CD versions 0.8.0 through 0.9.x; Argo CD versions 0.5.0 through 0.7.x. Description: The issue is related to an improper access control bug in Argo CD, allowing a malicious user to potentially escalate the...

10 CVSS · 6.9 AI score · 0.00396 EPSS
Exploits 1 · References 23
CNVD
added 2020/10/25 12:0 a.m. · 1 views

Vulnerability in Ecstore of Shanghai Shangpai Network Technology Co.

Ecstore is based on a new generation of "e-commerce solution-driven engine" ECOS development of enterprise-class open source online store system, the system is based on the PHP language and MYSQL database framework for the development of cross-platform open-source program. Ltd. Ecstore has an...

6.8 AI score
Exploits 0
CNVD
added 2020/10/25 12:0 a.m. · 1 views

BEESCMS suffers from an override access vulnerability

BEESCMS is a scalable content management system CMS based on PHP and MySQL. BEESCMS suffers from an override access vulnerability. An attacker can exploit the vulnerability to log in to the administrator backend without a password...

6.9 AI score
Exploits 0
CNVD
added 2019/11/18 12:0 a.m. · 1 views

Vulnerabilities in the Employment Information Network System of Beijing Rongzhi Chuangxiang Information Technology Co.

Beijing Rongzhi Chuangxiang Information Technology Co., Ltd, is a company engaged in Internet software development. An override access vulnerability exists in the Employment Information Network system, which can be exploited by attackers to obtain sensitive information...

6.7 AI score
Exploits 0
CNVD
added 2019/11/14 12:0 a.m. · 0 views

Override access vulnerability in Kaixin helpdesk system

The Kaixin Helpdesk Helpdesk helps IT to collect the problems handled on a daily basis and generate reports to quantify the work. An override access vulnerability exists in the Qixing Helpdesk system, which can be exploited by an attacker to spoof the server side and achieve override operation...

6.9 AI score
Exploits 0
CNVD
added 2019/11/13 12:0 a.m. · 1 views

CmsEasy has an override access vulnerability

Ltd. CmsEasy Ease2Easy enterprise website system, also known as Ease2Easy enterprise website program, is Ease2Easy to develop China's first set of free enterprise website templates for marketing enterprise website management system, the system front html, fully SEO-compliant, as well as online...

6.8 AI score
Exploits 0
CNVD
added 2019/11/13 12:0 a.m. · 0 views

Vulnerabilities in the website building system of Guangzhou Lingke Puhua Network Technology Co.

Guangzhou LingKePuHua Network Technology Co., Ltd. station building system is a set of content management system. There is an override access vulnerability in the Guangzhou Lingke Puhua Network Technology Co., Ltd. website builder system that can be exploited by attackers to obtain sensitive...

6.7 AI score
Exploits 0
CNVD
added 2019/10/29 12:0 a.m. · 1 views

Override Access Vulnerability in TurboCRM

TurboCRM Management System is a customer relationship management system. An override access vulnerability exists in TurboCRM, which can be exploited by an attacker to log in and access unauthorized pages...

6.9 AI score
Exploits 0
CNVD
added 2019/10/28 12:0 a.m. · 1 views

Huawei Cloud Storage Application Override Access and File Upload Vulnerability

Cloud storage is a new concept developed on the basis of the extension and derivation of cloud computing, the integrated use of distributed processing, parallel processing and grid computing and other means, the network of different types of storage devices through the application software...

6.8 AI score
Exploits 0
CNVD
added 2019/10/28 12:0 a.m. · 0 views

AliCloud Storage Application Override Access and File Upload Vulnerability

Cloud storage is a new concept developed on the basis of the extension and derivation of cloud computing, the integrated use of distributed processing, parallel processing and grid computing and other means, the network of different types of storage devices through the application software...

7 AI score
Exploits 0
CNVD
added 2019/10/16 12:0 a.m. · 0 views

LJCMS has an override access vulnerability

LJCMS is a free and open source content management system. LJCMS suffers from an override access vulnerability that can be exploited by attackers to obtain sensitive information...

6.8 AI score
Exploits 0
CNVD
added 2019/09/02 12:0 a.m. · 1 views

XpShop Mall System Vulnerability in Shenzhen Xinpu Software Development Co.

Shenzhen Xinpu Software Development Co., Ltd. is an e-commerce system development as the core of the station-building company. Shenzhen Xinpu Software Development Co., Ltd XpShop mall system has an override access vulnerability, which can be exploited by attackers to obtain sensitive information...

6.8 AI score
Exploits 0