CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

161 matches found

CVE-2026-9152

A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's...

10CVSS5.4AI score0.00079EPSS

Exploits0References1

NVD•added 2026/05/21 2:16 a.m.•10 views

CVE-2026-9152

10CVSS0.00079EPSS

Exploits0References1

CVE•added 2026/05/21 12:47 a.m.•15 views

CVE-2026-9152

The CVE-2026-9152 entry concerns Altium 365 SearchService with an unauthenticated legacy SOAP endpoint that exposes search index operations. The root cause is lack of authentication/identity verification, enabling an unauthenticated attacker who knows a workspace identifier to access and manipula...

10CVSS5.8AI score0.00079EPSS

Exploits0References1

NVD•added 2026/04/14 10:16 p.m.•0 views

CVE-2026-39907

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in the ReadLicense action's LFName parameter, allowing remote attackers to trigger SMB connections and leak NTLMv2...

10CVSS0.01042EPSS

Exploits1References3

Vulnrichment•added 2026/04/14 9:21 p.m.•1 views

CVE-2026-39907 Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via WCF SOAP

7CVSS5.8AI score0.01042EPSS

Exploits1References3

CVE•added 2026/04/14 9:21 p.m.•4 views

CVE-2026-39907

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP 1208. The ReadLicense action’s LFName accepts unsanitized file paths, enabling crafted SOAP requests with UNC paths to trigger outbound SMB connections and leak NTLMv2 machi...

10CVSS5.8AI score0.01042EPSS

Exploits1References3Affected Software1