CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

EUVD•added 2026/05/22 12:31 a.m.•6 views

EUVD-2026-31360

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em-findFile::class,...

2.3CVSS5.7AI score0.00017EPSS

Exploits0References2

ATTACKERKB•added 2026/05/21 9:18 p.m.•3 views

CVE-2026-7886

2.3CVSS5.7AI score0.00017EPSS

Exploits0References2Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-32032

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00325EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 3:36 a.m.•4 views

CVE-2023-28325

An improper authorization vulnerability exists in Rocket.Chat 6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room...

6.5CVSS6.7AI score0.00325EPSS

Exploits0References1

NVD•added 2023/05/11 10:15 p.m.•9 views

CVE-2023-28325

6.5CVSS6.4AI score0.00325EPSS

Exploits0References1

OSV•added 2023/05/11 10:15 p.m.•13 views

CVE-2023-28325

6.5CVSS7AI score

Exploits0References1

Prion•added 2023/05/11 10:15 p.m.•9 views

Authorization

6.4CVSS6.3AI score0.00325EPSS

Exploits0References1Affected Software1

Cvelist•added 2023/05/11 12:0 a.m.•12 views

CVE-2023-28325

6.5AI score0.00325EPSS

Exploits0References1

Positive Technologies•added 2023/05/11 12:0 a.m.•1 views

PT-2023-21650 · Unknown · Rocket.Chat

Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 6.0 Description: An improper authorization issue exists that could allow a hacker to manipulate the rid parameter and change the updateMessage method, which only checks whether the user is allowed to edit a messa...

6.5CVSS6.2AI score0.00325EPSS

Exploits0References5