CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

42 matches found

RedhatCVE•added 2026/06/05 7:33 p.m.•6 views

CVE-2026-45413

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...

6.9CVSS5.5AI score0.00083EPSS

Exploits0References1

ATTACKERKB•added 2026/05/26 8:12 p.m.•6 views

CVE-2026-45413

6.9CVSS5.8AI score0.00083EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/05/26 12:0 a.m.•9 views

PT-2026-43406

6.9CVSS5.8AI score0.00083EPSS

Exploits0References2

RedhatCVE•added 2026/03/28 4:59 p.m.•6 views

CVE-2026-34411

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...

6.9CVSS5.9AI score0.00387EPSS

Exploits1References1

CVE•added 2026/03/27 4:24 p.m.•9 views

CVE-2026-34411

Affected product: Appsmith prior to version 1.98. Root cause: unauthenticated access to instance management API endpoints (/api/v1/consolidated-api/view, /api/v1/tenants/current) that exposes configuration metadata, license information, and unsalted SHA-256 hashes of admin email domains. Impact: ...

6.9CVSS5.9AI score0.00387EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2026/03/27 12:0 a.m.•5 views

PT-2026-28632

6.9CVSS5.9AI score0.00387EPSS

Exploits1References4

CVE•added 2026/02/18 9:10 p.m.•13 views

CVE-2026-27179

CVE-2026-27179 affects MajorDoMo’s commands module, where commands_search.inc.php interpolates $_GET['parent'] into SQL without sanitization or parameterization. The /objects/?module=commands endpoint is loadable without authentication, enabling arbitrary module calls via their usual() method. Th...

9.8CVSS6.1AI score0.00468EPSS

Exploits2References3Affected Software1

Positive Technologies•added 2026/02/18 12:0 a.m.•2 views

PT-2026-20515

Name of the Vulnerable Software and Affected Versions MajorDoMo affected versions not specified Description MajorDoMo contains an unauthenticated SQL injection issue in the commands module. The commands search.inc.php file directly uses the $ GET'parent' parameter in SQL queries without proper...

8.8CVSS5.9AI score0.00468EPSS

Exploits2References6

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2017-13079

Malware in sbrugna...

9.8CVSS7.7AI score0.00352EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-39816

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00475EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•6 views

EUVD-2025-32184

Malicious code in bioql PyPI...

8.2CVSS6.6AI score0.00416EPSS

Exploits1References5

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2021-8635

Malicious code in bioql PyPI...

5.8CVSS5.7AI score0.00736EPSS

Exploits0References2

RedhatCVE•added 2025/10/03 4:58 p.m.•6 views

CVE-2025-34208

Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA/SaaS deployments store user passwords using unsalted SHA-512 hashes with a fall-back to unsalted SHA-1. The hashing is performed via PHP's hash function in multiple files serverwriterequestsusers.php, updatedatabase.php,...

8.2CVSS7.4AI score0.00416EPSS

Exploits1References1

NVD•added 2025/10/02 5:16 p.m.•7 views

CVE-2025-34208

8.2CVSS0.00416EPSS

Exploits1References4

CVE•added 2025/10/02 4:13 p.m.•15 views

CVE-2025-34208

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SAAS) uses unsalted SHA-512 and, fallback unsalted SHA-1, for password hashing via PHP hash() in multiple files (server_write_requests_users.php, update_database.php, legacy/Login.php, tests/Unit/Api/IdpControllerTest...

8.2CVSS7AI score0.00416EPSS

Exploits1References4Affected Software2

CNNVD•added 2025/10/02 12:0 a.m.•4 views

Vasion Print 安全漏洞

Vasion Print is a SaaS-based, cloud-hosted application from Vasion for managing and deploying printers. A security vulnerability exists in the Vasion Print Virtual Appliance Host and Application that stems from the use of unsalted SHA-512 hashes and unsalted SHA-1 hashes to store user passwords,...

8.2CVSS6.8AI score0.00416EPSS

Exploits1References4

RedhatCVE•added 2025/09/19 12:31 p.m.•11 views

CVE-2025-53884

NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack offline attack where hashes of known passwords are precomputed...

5.3CVSS6.6AI score0.00162EPSS

Exploits0References1

NVD•added 2025/09/17 1:15 p.m.•4 views

CVE-2025-53884

NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack offline attack where hashes of known passwords are precomputed...

5.3CVSS0.00162EPSS

Exploits0References2

OSV•added 2025/09/17 1:15 p.m.•5 views

CVE-2025-53884

NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack offline attack where hashes of known passwords are precomputed...

5.3CVSS5.8AI score0.00162EPSS

Exploits0References2

CNNVD•added 2025/09/17 12:0 a.m.•3 views

NeuVector 安全漏洞

NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control and container process/filesystem protection. NeuVector suffers from a security vulnerability that stems from the use of simple and...

5.3CVSS6.4AI score0.00162EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by