CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

48 matches found

Vulnrichment•added 2026/04/27 2:54 a.m.•1 views

CVE-2026-3867

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

6CVSS5.4AI score0.0005EPSS

Exploits0References1

ATTACKERKB•added 2026/04/27 2:54 a.m.•2 views

CVE-2026-3867

6CVSS5.4AI score0.0005EPSS

Exploits0References2Affected Software2

EUVD•added 2026/04/27 2:54 a.m.•1 views

EUVD-2026-25756

8.7CVSS5.4AI score0.00125EPSS

Exploits0References1

CNNVD•added 2026/04/27 12:0 a.m.•5 views

Moxa EDR-8010 Series和Moxa EDR-G9010 Series 安全漏洞

The Moxa EDR-8010 Series and Moxa EDR-G9010 Series are a series of security routers produced by Moxa Corporation from Taiwan, China. Both models have security vulnerabilities. These vulnerabilities stem from improper ownership management, allowing users with low privileges to access configuration...

6CVSS5.8AI score0.0005EPSS

Exploits0References1

EUVD•added 2026/04/07 6:31 p.m.•0 views

EUVD-2026-19748

Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through the owner parameter. An attacker can use the injection to read sensitive data such as the JWT signi...

9.9CVSS6.4AI score0.00105EPSS

Exploits0References8

Positive Technologies•added 2026/04/07 12:0 a.m.•1 views

PT-2026-30914

Name of the Vulnerable Software and Affected Versions Windmill CE and EE versions 1.276.0 through 1.603.2 Description Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality. Authenticated attackers can inject SQL...

9.9CVSS6.4AI score0.00105EPSS

Exploits0References12

Vulnrichment•added 2026/03/25 2:19 p.m.•2 views

CVE-2026-23514 Kiteworks Core before 9.2.2 is vulnerable to Improper Ownership Management

Kiteworks is a private data network PDN. Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch...

8.8CVSS5.8AI score0.00046EPSS

Exploits0References1

Cvelist•added 2026/03/25 2:19 p.m.•17 views

CVE-2026-23514 Kiteworks Core before 9.2.2 is vulnerable to Improper Ownership Management

8.8CVSS0.00046EPSS

Exploits0References1

CVE•added 2026/03/25 2:19 p.m.•4 views

CVE-2026-23514

Kiteworks Core vulnerability CVE-2026-23514 affects versions 9.2.0 and 9.2.1, where an access control flaw lets authenticated users access content they should not. This results in high impact on confidentiality, integrity, and availability (CVSS v3.1: 8.8; NETWORK, LOW exploitability, no user int...

8.8CVSS5.8AI score0.00046EPSS

Exploits0References1Affected Software1

Snyk•added 2025/12/10 6:30 p.m.•2 views

Improper Ownership Management

Overview Affected versions of this package are vulnerable to Improper Ownership Management due to improper context setting during Vault credentials lookup. An attacker can access and potentially capture sensitive Vault credentials by leveraging Item/Configure permissions. Remediation There is no...

5.3CVSS6.8AI score0.00126EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-51463