CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

116 matches found

NVD•added 2026/05/04 12:16 a.m.•6 views

CVE-2026-7710

A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote...

7.5CVSS0.00405EPSS

Exploits0References4

Cvelist•added 2026/05/03 11:15 p.m.•40 views

CVE-2026-7710 YunaiV yudao-cloud Ruoyi-Vue-Pro JwtAuthenticationTokenFilter.java doFilterInternal improper authentication

7.5CVSS0.00405EPSS

Exploits0References4

ATTACKERKB•added 2026/05/03 11:15 p.m.•4 views

CVE-2026-7710

7.5CVSS6.7AI score0.00405EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/03 11:15 p.m.•3 views

CVE-2026-7710 YunaiV yudao-cloud Ruoyi-Vue-Pro JwtAuthenticationTokenFilter.java doFilterInternal improper authentication

7.5CVSS6.7AI score0.00405EPSS

Exploits0References4

CVE•added 2026/05/03 11:15 p.m.•19 views

CVE-2026-7710

The CVE-2026-7710 issue affects YunaiV yudao-cloud up to version 3.8.0, specifically the JwtAuthenticationTokenFilter.doFilterInternal implementation in Ruoyi-Vue-Pro. A manipulation of the mock-token argument enables improper authentication, with remote exploitation possible. Exploit code is rep...

7.5CVSS6.7AI score0.00405EPSS

Exploits0References4

ATTACKERKB•added 2026/04/28 7:30 p.m.•2 views

CVE-2026-7306

A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument defaulttok...

6.3CVSS4.6AI score0.00327EPSS

Exploits0References6Affected Software1

NVD•added 2026/04/27 12:16 p.m.•6 views

CVE-2026-7117

A weakness has been identified in code-projects Employee Management System 1.0. Impacted is an unknown function of the file 370project/approve.php. Executing a manipulation of the argument id/token can lead to sql injection. The attack can be executed remotely. The exploit has been made available...

6.5CVSS0.00192EPSS

Exploits0References5

ATTACKERKB•added 2026/04/27 11:15 a.m.•6 views

CVE-2026-7118

A security vulnerability has been detected in code-projects Employee Management System 1.0. The affected element is an unknown function of the file 370project/cancel.php. The manipulation of the argument id/token leads to sql injection. The attack is possible to be carried out remotely. The explo...

6.5CVSS6.5AI score0.00192EPSS

Exploits0References5Affected Software1

ATTACKERKB•added 2026/04/27 11:0 a.m.•2 views

CVE-2026-7117

6.5CVSS6.6AI score0.00192EPSS

Exploits0References5Affected Software1

RedhatCVE•added 2026/02/24 7:29 a.m.•5 views

CVE-2026-2974

A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file sharedprefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/refreshToken/metadata/keyderivationparams/authmethods leads to...

2.5CVSS3.8AI score0.00099EPSS

Exploits0References1

CVE•added 2026/02/23 5:32 a.m.•9 views

CVE-2026-2974

AliasVault App (up to 0.25.3) on Android/iOS contains a vulnerability in the Backup Handler that manipulates tokens inside shared_prefs/aliasvault.xml (accessToken/refreshToken/metadata/key_derivation_params/auth_methods). This can expose backup files to an unauthorized control sphere through a l...

2.5CVSS4.2AI score0.00099EPSS

Exploits0References9Affected Software1

Positive Technologies•added 2026/02/23 12:0 a.m.•5 views

PT-2026-21499

Name of the Vulnerable Software and Affected Versions AliasVault App versions through 0.25.3 Description A security issue exists in AliasVault App on Android/iOS. The issue is related to the Backup Handler component and affects the shared prefs/aliasvault.xml file. Manipulation of the accessToken...

2.5CVSS5.7AI score0.00099EPSS

Exploits0References14

OSV•added 2026/02/03 10:16 p.m.•3 views

CVE-2020-37094

EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user accounts by manipulating authorization headers. Attackers can decode and modify Basic Authorization and Espo-Authorization tokens to gain unauthorized access to administrative user information and...

9.8CVSS5.8AI score

Exploits0References3

Cvelist•added 2026/02/03 10:1 p.m.•23 views

CVE-2020-37094 EspoCRM 5.8.5 - Privilege Escalation

9.8CVSS0.00549EPSS

Exploits1References3

Cvelist•added 2026/01/27 3:23 p.m.•19 views

CVE-2020-36948 VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Validation

VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative...

9.8CVSS0.00561EPSS

Exploits0References5

Positive Technologies•added 2026/01/27 12:0 a.m.•5 views

PT-2026-4927

9.8CVSS5.9AI score0.00561EPSS

Exploits0References6

RedhatCVE•added 2025/12/16 4:57 a.m.•5 views

CVE-2025-14703

A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST Message Handler. The manipulation of the argument token leads to improper authentication. It is possible to initiate the attack remotely. The...

6.9CVSS6.6AI score0.00605EPSS

Exploits1References1

OSV•added 2025/12/15 4:15 a.m.•0 views

CVE-2025-14703

5.3CVSS5.4AI score0.00605EPSS

Exploits1References4