CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added yesterday•5 views

CVE-2026-50213 Bulk User Private Data Harvesting

The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings...

8.7CVSS5.8AI score0.00041EPSS

EUVD•added 2026/05/26 12:0 a.m.•7 views

EUVD-2026-31838

An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...

4.3CVSS5.8AI score0.00008EPSS

Cvelist•added 2026/05/26 12:0 a.m.•32 views

CVE-2026-38587

0.00008EPSS

Vulnrichment•added 2026/05/26 12:0 a.m.•9 views

CVE-2026-38587

5.8AI score0.00008EPSS

ATTACKERKB•added 2026/05/26 12:0 a.m.•5 views

CVE-2026-38587

5.8AI score0.00008EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: Protecting the device queue against concurrent access. In the dasdprofilestart function, the number of requests on the device queue is counted. Access to the device queue is not protected against concurrent access. Wit...

5.5CVSS5.8AI score0.00008EPSS

Snyk•added 2026/05/19 10:19 a.m.•5 views

Insufficient Granularity of Access Control

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Insufficient Granularity of Access Control via the user handler in the resource account service. An attacker...

5.3CVSS5.9AI score0.00013EPSS

OSV•added 2026/05/06 5:5 p.m.•1 views

GHSA-8QJV-JJ2Q-X832 Auth.js SDK has Improper Permission Checking

Description Under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. Am I Affected? Users are affected if they meet each of the following preconditions: - Applications built...

7.1CVSS5.8AI score0.00032EPSS

Positive Technologies•added 2026/05/06 12:0 a.m.•3 views

PT-2026-38263

Name of the Vulnerable Software and Affected Versions auth0-js versions 8.11.0 through 9.32.0 Description Improper validation in the Auth0.js SDK may allow the return of user profile data when a specifically crafted invalid ID token is used in conjunction with a valid access token. This issue...

7.1CVSS5.6AI score0.00032EPSS

Exploits0References5

CNNVD•added 2026/04/09 12:0 a.m.•3 views

WordPress plugin UsersWP 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00073EPSS

Exploits0References10

OSV•added 2026/03/27 7:10 a.m.•1 views

BIT-DISCOURSE-2026-32099 Discourse prevents hidden profile data leak via user onebox

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's profile U...

6.5CVSS5.9AI score0.0002EPSS

EUVD•added 2026/03/19 9:52 p.m.•3 views

EUVD-2026-13332

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's...

4.3CVSS5.8AI score0.0002EPSS

Vulnrichment•added 2026/03/19 9:52 p.m.•0 views

CVE-2026-32099 Discourse prevents hidden profile data leak via user onebox

4.3CVSS5.8AI score0.0002EPSS

Snyk•added 2026/02/24 1:52 a.m.•1 views

Infinite loop

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Snyk•added 2026/02/24 1:52 a.m.•2 views

Infinite loop

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

AlpineLinux•added 2026/02/24 1:52 a.m.•2 views

CVE-2026-26066

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with IPTCTEXT. Versions 7.1.2-15 and 6.9.13-40 contain a patch...

7.5CVSS5.5AI score0.00019EPSS

Exploits0

Snyk•added 2026/02/24 1:52 a.m.•3 views

Infinite loop

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

Snyk•added 2026/02/24 1:52 a.m.•1 views

Infinite loop

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...