532 matches found

Vulnrichment | added 2026/05/22 3:01 p.m. | 4 views

CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 4
CVE | added 2026/05/15 6:36 p.m. | 4 views

CVE-2026-45009

CVE-2026-45009 affects phpMyFAQ prior to 4.1.2. The issue is an insufficient authorization check in admin-api routes, allowing authenticated ordinary users to access administrative endpoints without verifying backend privileges. This can expose sensitive backend information such as dashboard vers...

CVSS 5.3 | AI score 5.8 | EPSS 0.00028
Exploits: 0 | References: 2
EUVD | added 2026/05/08 6:32 a.m. | 2 views

EUVD-2026-28530

NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks...

CVSS 7.8 | AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 2
CVE | added 2026/05/08 4:36 a.m. | 7 views

CVE-2026-8148

NAVER MYBOX Explorer for Windows before 3.0.11.160 is affected by a local privilege escalation vulnerability. The root cause is improper privilege checks that permit a local attacker to manipulate the registry to gain NT AUTHORITY\SYSTEM privileges. The CVE entry for CVE-2026-8148 documents a HIG...

CVSS 7.8 | AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 1 | Affected software: 1
Github Security Blog | added 2026/05/06 8:37 p.m. | 4 views

phpMyFAQ: Ordinary Authenticated User Can Access Admin-Only API Endpoints Due to Insufficient Authorization Check in phpMyFAQ

Summary: A review of phpMyFAQ-main uncovered an authorization issue in the admin-api routes. Several backend endpoints only check whether the caller is logged in. They do not verify that the caller actually has backend or administrative privileges. As a result, a normal frontend user can access AP...

AI score 5.6
Exploits: 0 | References: 2 | Affected software: 2
EUVD | added 2026/04/24 12:06 a.m. | 3 views

EUVD-2026-25351

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded...

CVSS 9.8 | AI score 5.8 | EPSS 0.00115
Exploits: 0 | References: 3
Vulnrichment | added 2026/04/21 8:38 p.m. | 2 views

CVE-2026-33519 Incorrect privilege assignment in Portal for ArcGIS

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials...

CVSS 9.8 | AI score 5.8 | EPSS 0.00064
Exploits: 0 | References: 1
Cvelist | added 2026/04/09 3:52 p.m. | 15 views

CVE-2026-33005 Apache OpenMeetings: Insufficient checks in FileWebService

Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query the web service with their credentials and get the files/sub-folders of any folder by ID (metadata only, NOT contents). Metadata includes id, type, name and some other fields. Full list of fields...

EPSS 0.00135
Exploits: 0 | References: 2
RedhatCVE | added 2026/03/28 4:59 p.m. | 0 views

CVE-2026-5025

The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication (get_current_active_user) without any privilege check (e.g., is_superuser)...

CVSS 6.5 | AI score 5.9 | EPSS 0.00049
Exploits: 0 | References: 1
Snyk | added 2026/03/27 5:31 p.m. | 3 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the logs and logs-stream endpoints. An attacker can access sensitive application log data by authenticating with basic user privileges, as these endpoints do not enforce privilege checks. Remediation: There is n...

CVSS 7.1 | AI score 5.9 | EPSS 0.00049
Exploits: 0 | References: 2
RedhatCVE | added 2026/03/27 5:09 p.m. | 1 view

CVE-2026-23995

EVerest is an EV charging software stack. Prior to version 2026.02.0, a stack-based buffer overflow exists in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to the CAN open routines overflows ifreq.ifr_name, corrupting adjacent stack data and enabling potential code execution. ...

CVSS 8.4 | AI score 6.3 | EPSS 0.00007
Exploits: 1 | References: 1
EUVD | added 2026/03/27 3:30 p.m. | 1 view

EUVD-2026-16664

The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication (get_current_active_user) without any privilege check (e.g., is_superuser)...

CVSS 6.5 | AI score 5.9 | EPSS 0.00049
Exploits: 0 | References: 2
NVD | added 2026/03/27 3:17 p.m. | 2 views

CVE-2026-5025

The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication (get_current_active_user) without any privilege check (e.g., is_superuser)...

CVSS 6.5 | EPSS 0.00049
Exploits: 0 | References: 1
ATTACKERKB | added 2026/03/27 2:43 p.m. | 0 views

CVE-2026-5025

The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication (get_current_active_user) without any privilege check (e.g., is_superuser)...

CVSS 6.5 | AI score 5.9 | EPSS 0.00049
Exploits: 0 | References: 2
CVE | added 2026/03/27 2:43 p.m. | 7 views

CVE-2026-5025

CVE-2026-5025 (LangFlow) exposes full application logs via /logs and /logs-stream endpoints. Both endpoints require only basic authentication (get_current_active_user) with no privilege checks (e.g., is_superuser), enabling read access for any authenticated user. Likely impact on confidentiality ...

CVSS 6.5 | AI score 5.9 | EPSS 0.00049
Exploits: 0 | References: 1 | Affected software: 1
Cvelist | added 2026/03/27 2:43 p.m. | 17 views

CVE-2026-5025 Langflow - Application Logs Exposed to All Authenticated Users

The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication (get_current_active_user) without any privilege check (e.g., is_superuser)...

CVSS 6.5 | EPSS 0.00049
Exploits: 0 | References: 1
Positive Technologies | added 2026/03/27 12:00 a.m. | 0 views

PT-2026-28739

The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication (get_current_active_user) without any privilege check (e.g., is_superuser)...

CVSS 6.5 | AI score 5.9 | EPSS 0.00049
Exploits: 0 | References: 2
CNNVD | added 2026/03/27 12:00 a.m. | 2 views

Langflow security vulnerability

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a security vulnerability, which stems from the /logs and /logs-stream endpoints in the logging router requiring only basic authentication without privilege checks. This...

CVSS 6.5 | AI score 5.8 | EPSS 0.00049
Exploits: 0 | References: 1
NVD | added 2026/03/26 3:16 p.m. | 1 view

CVE-2026-23995

EVerest is an EV charging software stack. Prior to version 2026.02.0, a stack-based buffer overflow exists in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to the CAN open routines overflows ifreq.ifr_name, corrupting adjacent stack data and enabling potential code execution. ...

CVSS 8.4 | EPSS 0.00007
Exploits: 1 | References: 1
EUVD | added 2026/03/26 2:36 p.m. | 1 view

EUVD-2026-16199

EVerest is an EV charging software stack. Prior to version 2026.02.0, a stack-based buffer overflow exists in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to the CAN open routines overflows ifreq.ifr_name, corrupting adjacent stack data and enabling potential code execution. ...

CVSS 8.4 | AI score 6.3 | EPSS 0.00007
Exploits: 1 | References: 1