CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

405 matches found

ATTACKERKB•added 2026/05/05 8:35 p.m.•2 views

CVE-2026-41950

Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...

6.5CVSS5.9AI score0.00034EPSS

Exploits1References4

CNNVD•added 2026/04/15 12:0 a.m.•7 views

AVEVA Pipeline Simulation 安全漏洞

AVEVA Pipeline Simulation is a pipeline simulation software developed by AVEVA, a British company. AVEVA Pipeline Simulation has a security vulnerability. This vulnerability stems from improper permission verification, which may allow unverified attackers to perform privileged operations, resulti...

9.3CVSS5.8AI score0.00059EPSS

Exploits0References1

CNNVD•added 2026/04/15 12:0 a.m.•5 views

Lenovo Software Fix 安全漏洞

Lenovo Software Fix is a system repair tool developed by the Chinese company Lenovo. Lenovo Software Fix has a security vulnerability, which stems from improper permission verification during the installation process. This vulnerability may allow locally authenticated users to execute code with...

7.3CVSS6AI score0.00016EPSS

Exploits0References1

CNNVD•added 2026/04/15 12:0 a.m.•5 views

Lenovo Software Fix 安全漏洞

6.6CVSS5.9AI score0.00017EPSS

Exploits0References1

Snyk•added 2026/03/17 10:49 a.m.•2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to insufficient verification of user permissions in the redirects process. An attacker can gain unauthorized access to redirect records by editing a page without proper access controls. Remediation Upgrade...

4.3CVSS5.8AI score0.00032EPSS

Exploits0References2

CNNVD•added 2026/03/04 12:0 a.m.•3 views

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions prior to Craft CMS 5.9.0-beta.1 and 4.17.0-beta.1 contained security vulnerabilities. These vulnerabilities stemmed from a lack of permission verification during repeated entry operations, which could allow...

5.3CVSS5.8AI score0.00042EPSS

Exploits1References3

OSV•added 2026/01/14 3:15 a.m.•2 views

CVE-2025-68959

Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

5.5CVSS5.8AI score0.0001EPSS

Exploits0References3

CVE•added 2026/01/14 2:35 a.m.•9 views

CVE-2025-68970

Technical details (affected products, versions, exploit vectors, and fixes) are not publicly provided in the supplied documents. Monitor for forthcoming updates from vendors and security advisories.

6.1CVSS6.6AI score0.00015EPSS

Exploits0References3Affected Software2

Positive Technologies•added 2026/01/14 12:0 a.m.•2 views

PT-2026-2575

Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

6.1CVSS7AI score0.00015EPSS

Exploits0References4

RedhatCVE•added 2026/01/09 12:36 p.m.•3 views

CVE-2023-49247

Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality...

7.5CVSS6.9AI score0.00095EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:33 p.m.•4 views

CVE-2023-31226

The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality...

7.5CVSS7AI score0.00161EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:20 a.m.•2 views

CVE-2021-22490

There is a Permission verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect the device performance...

5.3CVSS6.8AI score0.00151EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:59 a.m.•2 views

CVE-2023-50253

Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which...

9.6CVSS6.2AI score0.00054EPSS

Exploits1References1

RedhatCVE•added 2025/11/08 12:55 a.m.•3 views

CVE-2025-63691

In pig-mesh In Pig version 3.8.2 and below, within the Token Management function under the System Management module, the token query interface /api/admin/sys-token/page has an improper permission verification issue, which leads to information leakage. This interface can be called by any user who...

9.6CVSS6.7AI score0.00076EPSS

Exploits1References1

Cvelist•added 2025/10/11 3:45 a.m.•2 views

CVE-2025-58277

Permission verification bypass vulnerability in the Camera app. Successful exploitation of this vulnerability may affect service confidentiality...

4CVSS0.00008EPSS

Exploits0References1

EUVD•added 2025/10/08 12:0 a.m.•2 views

EUVD-2025-33286

An issue in the permission verification module and organization/application editing interface in Casdoor before 2.26.0 allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly concatenating URLs after log...

7.2CVSS6.3AI score0.00112EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-26438

Malware in sbrugna...

5.5CVSS5.6AI score0.00232EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-5582

Malware in sbrugna...

7.2CVSS6.8AI score0.00114EPSS

Exploits1References3