CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/03/19 3:47 p.m.•16 views

CVE-2026-32865 OPEXUS eComplaint and eCase insecure password reset

9.8CVSS0.00062EPSS

CVE•added 2026/03/19 3:47 p.m.•6 views

CVE-2026-32865

Vulnerability summary: OPEXUS eComplaint/eCASE (pre-10.1.0.0) exposes the secret verification code in the HTTP response for ForcePasswordReset.aspx, enabling password reset by an attacker who knows a user’s email. Impact: attacker can reset password and security questions; existing security quest...

Exploits0References2Affected Software1

ATTACKERKB•added 2026/03/19 3:47 p.m.•2 views

CVE-2026-32865

Vulnrichment•added 2026/03/19 3:47 p.m.•0 views

Exploits0References3

CVE-2026-32865 OPEXUS eComplaint and eCase insecure password reset

Positive Technologies•added 2026/03/19 12:0 a.m.•2 views

PT-2026-26307

Malwarebytes•added 2025/12/08 3:26 p.m.•4 views

Exploits0References8

How phishers hide banking scams behind free Cloudflare Pages

During a recent investigation, we uncovered a phishing operation that combines free hosting on developer platforms with compromised legitimate websites to build convincing banking and insurance login portals. These fake pages don't just grab a username and password–they also ask for answers to...

6.8AI score

Exploits0

RedhatCVE•added 2025/12/05 8:32 p.m.•2 views

CVE-2025-12994

Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint that could be used to determine a valid user account. This issue affects CareLink Network: before December 4, 2025...

5.3CVSS7AI score0.00044EPSS

NVD•added 2025/12/04 8:16 p.m.•1 views

CVE-2025-12994

5.3CVSS0.00044EPSS

OSV•added 2025/12/04 8:16 p.m.•0 views

CVE-2025-12994

5.3CVSS5.8AI score

EUVD•added 2025/12/04 8:2 p.m.•1 views

EUVD-2025-201288

5.3CVSS6.5AI score0.00044EPSS

Vulnrichment•added 2025/12/04 8:2 p.m.•2 views

CVE-2025-12994

5.3CVSS6.6AI score0.00044EPSS

CVE•added 2025/12/04 8:2 p.m.•8 views

CVE-2025-12994

Medtronic CareLink Network is affected by CVE-2025-12994. The issue allows an unauthenticated remote attacker to initiate requests to an API endpoint that could be used to determine a valid user account. Affected component: CareLink Network (versions prior to 4 Dec 2025). According to the sources...

5.3CVSS6.6AI score0.00044EPSS

Exploits0References1Affected Software1

Cvelist•added 2025/12/04 8:2 p.m.•18 views

CVE-2025-12994

5.3CVSS0.00044EPSS

Positive Technologies•added 2025/12/04 12:0 a.m.•3 views

PT-2025-49124

Name of the Vulnerable Software and Affected Versions Medtronic CareLink Network versions prior to December 4, 2025 Description An unauthenticated remote attacker can send a request to an API endpoint to obtain security questions. This could potentially reveal valid user accounts. Recommendations...

5.3CVSS6.7AI score0.00044EPSS

Exploits0References4

RedhatCVE•added 2025/10/27 1:33 p.m.•2 views

CVE-2025-34293

GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference IDOR vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the...

8.6CVSS6.8AI score0.00066EPSS