
102 matches found

Vulnrichment
added 2026/05/11 8:38 p.m., 2 views

CVE-2026-43881 WWBN AVideo: Unauthenticated User Enumeration in `objects/users.json.php` via `isCompany` Parameter Flips `$ignoreAdmin = true` and Defeats Admin-Only Listing Guard

WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/users.json.php exposes two unauthenticated paths that disclose the full set of registered user accounts. The isCompany request parameter causes the handler to set $ignoreAdmin = true for any non-admin call...

5.3 CVSS, 5.7 AI score, 0.00012 EPSS
Exploits 0, References 2
GithubExploit
added 2026/05/06 1:26 a.m., 48 views

CVE-Intelligence

VulnForge Local-only, single-user CVE alert & patch-priority...

5.8 AI score
Exploits 0
Positive Technologies
added 2026/05/05 12:0 a.m., 3 views

PT-2026-37297

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions prior to 29.1 Description An issue in the 'objects/users.json.php' endpoint allows unauthenticated remote attackers to disclose the full set of registered user accounts. This occurs through two distinct paths: First, the...

5.3 CVSS, 5.8 AI score, 0.00012 EPSS
Exploits 0, References 6
EUVD
added 2026/04/18 12:12 a.m., 0 views

EUVD-2026-23630

NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 12 JumpToUser accepts an arbitrary entry point address from user-space registers without validation, allowing any Ring 3 user-mode process to jump to kernel addresses and execute...

9.3 CVSS, 6 AI score, 0.00017 EPSS
Exploits 1, References 2
CVE
added 2026/04/18 12:12 a.m., 4 views

CVE-2026-40317

NovumOS (a custom 32-bit OS written in Zig/x86 Assembly) prior to version 0.24 is affected by a local privilege-escalation in the Syscall 12 JumpToUser interface. The vulnerability arises because JumpToUser accepts an arbitrary entry-point address from user-space without validation, enabling any ...

9.3 CVSS, 6 AI score, 0.00017 EPSS
Exploits 1, References 2, Affected Software 1
RedhatCVE
added 2026/01/01 12:17 p.m., 5 views

CVE-2025-61037

A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The flaw is a Time-of-Check Time-of-Use TOCTOU race condition in the license management logic. The regService process, which runs with SYSTEM privileges, creates a fixed directory and writes files...

7 CVSS, 7.7 AI score, 0.00004 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/11/08 7:41 a.m., 3 views

CVE-2025-64343

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8 CVSS, 6.4 AI score, 0.00014 EPSS
Exploits 0, References 1
OSV
added 2025/11/07 5:20 a.m., 4 views

CVE-2025-64343 (conda) Constructor: Excessive permissions during and after installation

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8 CVSS, 6.4 AI score, 0.00014 EPSS
Exploits 0, References 5
EUVD
added 2025/11/07 5:20 a.m., 11 views

EUVD-2025-38241

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8 CVSS, 5.9 AI score, 0.00014 EPSS
Exploits 0, References 3
Cvelist
added 2025/11/07 5:20 a.m., 6 views

CVE-2025-64343 (conda) Constructor: Excessive permissions during and after installation

conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...

7.8 CVSS, 0.00014 EPSS
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2000-0218

Malware in sbrugna...

7.2 CVSS, 6.4 AI score, 0.00381 EPSS
Exploits 1, References 5
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-16334

Malware in sbrugna...

7.2 CVSS, 6.7 AI score, 0.00042 EPSS
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2006-0408

Malware in sbrugna...

4.6 CVSS, 6.4 AI score, 0.00081 EPSS
Exploits 0, References 8
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-51703

Malicious code in bioql PyPI...

8.1 CVSS, 9.1 AI score, 0.00083 EPSS
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-48644

Malicious code in bioql PyPI...

7.5 CVSS, 6 AI score, 0.0013 EPSS
Exploits 1, References 2
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-16231

Malicious code in bioql PyPI...

7.1 CVSS, 7 AI score, 0.00213 EPSS
Exploits 0, References 3
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-23566

Malicious code in bioql PyPI...

7.5 CVSS, 6.6 AI score, 0.00423 EPSS
Exploits 0, References 3
OSV
added 2025/09/12 11:46 a.m., 2 views

BIT-NIFI-2022-26850 Insufficiently protected credentials

When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the...

4.3 CVSS, 6.9 AI score, 0.01879 EPSS
Exploits 0, References 3
CNVD
added 2025/09/11 12:0 a.m., 2 views

Tenda G3 getsinglepppuser function buffer overflow vulnerability

Tenda G3 is a micro-enterprise all-in-one gateway from Tenda, designed for small and medium-sized businesses to provide an integrated network solution. Tenda G3 has a buffer overflow vulnerability, the vulnerability stems from the pPppUser parameter in the getsinglepppuser function fails to...

7.5 CVSS, 7.4 AI score, 0.00122 EPSS
Exploits 1, References 1
Rapid7 Blog
added 2025/09/02 1:30 p.m., 2 views

Flashrom to Hexedit to Root: DEF CON 33 IoT Village Exercise

Each year at DEF CON’s IoT Village, Rapid7 researchers showcase their skills in penetration testing, hardware hacking, and more. At DEF CON 33, Principal Security Researcher, IoT, Deral Heiland took attendees step by step through a brand-new, hands-on exercise that pushed past last year’s lessons...

7 AI score
Exploits 0