CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/05/25 8:3 a.m.•9 views

Malicious code in @agora-sdk/react-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9febb9d8dda2eea07ef909b9713ca6531c4a5b51a75fd730a312bec8d8a11135 Package is published under the '@agora-sdk' scope, strongly associated with Agora.io's real-time-communications SDKs, but its actual contents are a...

5.8AI score

CNNVD•added 2026/05/12 12:0 a.m.•6 views

devguard 安全漏洞

Devguard is a software supply chain vulnerability management platform developed by L3montree. Versions prior to 1.2.2 of Devguard contained security vulnerabilities. These vulnerabilities stemmed from SessionMiddleware accepting the X-Admin-Token HTTP request header provided by clients. When no...

9.3CVSS5.8AI score0.00066EPSS

Packet Storm•added 2026/04/13 12:0 a.m.•51 views

📄 Pachno 1.0.6 Privilege Escalation

The authorization check in the runSwitchUser action in Pachno version 1.0.6 evaluates the expression !canSaveConfiguration && !hasCookie'originalusername' and only forbids the request when both subexpressions are true. The presence of the originalusername cookie is sufficient to satisfy the secon...

5.9AI score

Exploits0

RedhatCVE•added 2026/04/03 5:8 a.m.•4 views

CVE-2025-66483

IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system...

6.5CVSS5.9AI score0.0001EPSS

RedhatCVE•added 2026/03/26 3:3 p.m.•1 views

CVE-2026-30969

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who...

9.1CVSS5.8AI score0.00071EPSS

NVD•added 2026/03/10 6:18 p.m.•1 views

CVE-2026-30969

9.1CVSS0.00071EPSS

ATTACKERKB•added 2026/03/10 5:27 p.m.•2 views

CVE-2026-30969

Exploits0References3Affected Software1

Vulnrichment•added 2026/03/10 5:27 p.m.•3 views

CVE-2026-30969 Coral Server has insufficient agent authentication in session communication channels

EUVD•added 2026/03/10 5:27 p.m.•3 views

EUVD-2026-10707

OSV•added 2026/03/10 5:27 p.m.•2 views

CVE-2026-30969 Coral Server has insufficient agent authentication in session communication channels

CNNVD•added 2026/03/10 12:0 a.m.•2 views

Exploits0References4

coral-server 安全漏洞

Coral-server is a Docker-based server operation and configuration management tool developed by CoralOS. Versions of coral-server prior to 1.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of forced strong authentication during active sessions, allowing attacker...

9.1CVSS5.8AI score0.00071EPSS

Positive Technologies•added 2026/03/10 12:0 a.m.•2 views

PT-2026-24340

Name of the Vulnerable Software and Affected Versions Coral Server versions prior to 1.1.0 Description Coral Server, an open collaboration infrastructure for The Internet of Agents, did not enforce strong authentication between agents and the server during active sessions. This could allow an...

9.1CVSS5.7AI score0.00071EPSS

Exploits0References6

EUVD•added 2026/02/27 3:30 a.m.•2 views

EUVD-2026-8961

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3CVSS5.4AI score0.00053EPSS

Exploits0References4

NVD•added 2026/02/27 12:16 a.m.•4 views

CVE-2026-27652

7.5CVSS0.00052EPSS

Exploits0References3

Cvelist•added 2026/02/17 8:32 p.m.•24 views

CVE-2025-36377 IBM Security QRadar EDR Software has multiple vulnerabilities

IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system...

6.3CVSS0.00059EPSS

CVE•added 2026/02/17 7:52 p.m.•11 views

CVE-2025-27898

CVE-2025-27898 is supported by connected documentation: IBM Db2 Recovery Expert for Linux, UNIX and Windows (DB2 Recovery Expert LUW) versions affected include 5.5 with IF 2. The bulletin states the vulnerability arises from the product not invalidating a session after a timeout, which could allo...

6.3CVSS5.5AI score0.00053EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/02/17 7:52 p.m.•1 views

CVE-2025-27898 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system...

6.3CVSS5.8AI score0.00053EPSS