CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

209 matches found

EUVD•added 2026/04/03 9:34 p.m.•0 views

EUVD-2026-18870

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the pwg.history.search API method in Piwigo is registered without the adminonly option, allowing unauthenticated users to access the full browsing history of all gallery visitors. This issue has been patched ...

7.5CVSS5.8AI score0.00066EPSS

Exploits1References3

RedhatCVE•added 2026/04/01 11:1 p.m.•5 views

CVE-2026-34400

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

9.8CVSS5.8AI score0.00018EPSS

Exploits0References1

ATTACKERKB•added 2026/03/31 9:0 p.m.•3 views

CVE-2026-34400

6.9CVSS5.8AI score0.00018EPSS

Exploits0References7Affected Software1

EUVD•added 2026/03/31 9:0 p.m.•3 views

EUVD-2026-17664

6.9CVSS5.8AI score0.00018EPSS

Exploits0References6

SUSE CVE•added 2026/03/28 12:28 a.m.•2 views

SUSE CVE-2026-24692

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly enforce read permissions in search API endpoints which allows guest users without read permissions to access posts and files in channels via search API requests. Mattermost Advisory ID: MMSA-2025-00554...

4.3CVSS5.9AI score0.00032EPSS

Exploits0References3

OSV•added 2026/03/26 8:32 p.m.•0 views

GO-2026-4716 SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API in github.com/siyuan-note/siyuan/kernel

SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API in github.com/siyuan-note/siyuan/kernel...

9.8CVSS5.9AI score0.00035EPSS

Exploits1References5

Snyk•added 2026/03/16 8:44 p.m.•2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the fullTextSearchBlock handler in kernel/api/search.go. An attacker can execute unauthorized SQL statements, including reading, modifying, or deleting database contents, by sending method=2 with a crafte...

9.8CVSS6AI score0.00035EPSS

Exploits1References3

Github Security Blog•added 2026/03/16 8:44 p.m.•9 views

SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API

Summary SiYuan Note v3.6.0 and likely prior versions contains an authorization bypass vulnerability in the /api/search/fullTextSearchBlock endpoint. When the method parameter is set to 2, the endpoint passes user-supplied input directly as a raw SQL statement to the underlying SQLite database...

9.8CVSS6.3AI score0.00035EPSS

Exploits1References6Affected Software1

Github Security Blog•added 2026/03/16 3:30 p.m.•5 views

Mattermost fails to properly enforce read permissions in search API endpoints

4.3CVSS5.8AI score0.00032EPSS

Exploits0References4Affected Software2

EUVD•added 2026/03/16 3:30 p.m.•2 views

EUVD-2026-12443

4.3CVSS5.8AI score0.00032EPSS

Exploits0References2

OSV•added 2026/03/16 3:30 p.m.•3 views

GHSA-CWFJ-642J-GFH4 Mattermost fails to properly enforce read permissions in search API endpoints

4.3CVSS5.8AI score0.00032EPSS

Exploits0References4

OSV•added 2026/03/16 3:30 p.m.•3 views

GHSA-679F-WMRG-QF57 Mattermost allows a removed team member to enumerate all public channels within a private team

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate team membership when searching channels which allows a removed team member to enumerate all public channels within a private team via the channel search API endpoint. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.0004EPSS

Exploits0References4

OSV•added 2026/03/16 3:16 p.m.•2 views

CVE-2026-24692

4.3CVSS5.9AI score

Exploits0References1

ATTACKERKB•added 2026/03/16 2:56 p.m.•2 views

CVE-2026-24692

4.3CVSS5.8AI score0.00032EPSS

Exploits0References2Affected Software1

CVE•added 2026/03/16 2:56 p.m.•8 views

CVE-2026-24692

Mattermost discloses a vulnerability where guest users can bypass read permissions via the search API. Affected versions include Mattermost 11.3.x up to 11.3.0, 11.2.x up to 11.2.2, and 10.11.x up to 10.11.10. The root cause is improper enforcement of read permissions in search API endpoints, ena...

4.3CVSS5.8AI score0.00032EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/03/16 12:0 a.m.•6 views

PT-2026-25759

Mattermost fails to properly enforce read permissions in search API endpoints in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

4.3CVSS5.8AI score0.00032EPSS

Exploits0References9

EUVD•added 2026/03/10 9:32 p.m.•6 views

EUVD-2026-10828

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token PAT lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...

5.3CVSS5.8AI score0.00026EPSS

Exploits0References5

EUVD•added 2026/03/10 9:32 p.m.•5 views

EUVD-2026-10829

5.3CVSS5.8AI score0.00026EPSS

Exploits0References5

OSV•added 2026/03/10 8:16 p.m.•1 views

CVE-2026-3582

4.3CVSS5.8AI score0.00026EPSS

Exploits0References4