CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

188 matches found

CNNVD•added 2026/05/06 12:0 a.m.•6 views

Flowise 授权问题漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise 3.0.12 and earlier contained an authorization vulnerability. This vulnerability stemmed from issues with the operations of the parameter userId/organizationId/workspaceId/emai...

5.3CVSS5.8AI score0.00038EPSS

Exploits1References1

Positive Technologies•added 2026/05/06 12:0 a.m.•6 views

PT-2026-37640

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated...

5.3CVSS5.6AI score0.00038EPSS

Exploits1References5

NVD•added 2026/05/03 12:16 a.m.•5 views

CVE-2026-7672

A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...

6.5CVSS0.00011EPSS

Exploits0References4

Cvelist•added 2026/05/03 12:0 a.m.•34 views

CVE-2026-7672 youlaitech youlai-boot Users Endpoint UserController.java getUserList sql injection

6.5CVSS0.00011EPSS

Exploits0References4

RedhatCVE•added 2026/05/01 8:48 p.m.•3 views

CVE-2026-7501

A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The...

5.1CVSS4.2AI score0.00013EPSS

Exploits0References1

NVD•added 2026/04/30 10:16 p.m.•1 views

CVE-2026-7502

A security vulnerability has been detected in LinkStackOrg LinkStack up to 4.8.6. The affected element is the function saveLink of the file app/Http/Controllers/UserController.php of the component Management Endpoint. The manipulation leads to authorization bypass. The attack can be initiated...

5.5CVSS0.00055EPSS

Exploits0References7

NVD•added 2026/04/30 9:16 p.m.•2 views

CVE-2026-7501

5.1CVSS0.00013EPSS

Exploits0References6

CVE•added 2026/04/30 9:15 p.m.•5 views

CVE-2026-7502

CVE-2026-7502 affects LinkStackOrg LinkStack up to version 4.8.6. The vulnerability is in the saveLink function of app/Http/Controllers/UserController.php (Management Endpoint), enabling an authorization bypass. The issue is exploitable remotely and has publicly disclosed exploit information. A f...

5.5CVSS5.5AI score0.00055EPSS

Exploits0References7

Vulnrichment•added 2026/04/30 9:15 p.m.•1 views

CVE-2026-7502 LinkStackOrg LinkStack Management Endpoint UserController.php saveLink authorization

5.5CVSS5.6AI score0.00055EPSS

Exploits0References7

EUVD•added 2026/04/30 8:45 p.m.•3 views

EUVD-2026-26438

5.1CVSS3.5AI score0.00013EPSS

Exploits0References6

ATTACKERKB•added 2026/04/30 8:45 p.m.•2 views

CVE-2026-7501

5.1CVSS3.6AI score0.00013EPSS

Exploits0References6Affected Software1

Vulnrichment•added 2026/04/30 8:45 p.m.•4 views

CVE-2026-7501 LinkStackOrg LinkStack UserController.php editPage cross site scripting

5.1CVSS4.2AI score0.00013EPSS

Exploits0References6

CVE•added 2026/04/30 8:45 p.m.•5 views

CVE-2026-7501

The CVE pertains to LinkStackOrg LinkStack (up to version 4.8.6). The vulnerability affects the editPage function in app/Http/Controllers/UserController.php, caused by manipulation of the pageDescription argument which enables cross-site scripting. Exploitation is possible remotely and public exp...

5.1CVSS3.5AI score0.00013EPSS

Exploits0References6

Cvelist•added 2026/04/30 8:45 p.m.•26 views

CVE-2026-7501 LinkStackOrg LinkStack UserController.php editPage cross site scripting

5.1CVSS0.00013EPSS

Exploits0References6

Positive Technologies•added 2026/04/30 12:0 a.m.•3 views

PT-2026-36191

Name of the Vulnerable Software and Affected Versions LinkStackOrg LinkStack versions prior to 4.8.7 Description A weakness in the editPage function within the app/Http/Controllers/UserController.php file allows for remote cross-site scripting XSS, which occurs when a user-supplied value is...

5.1CVSS5.7AI score0.00013EPSS

Exploits0References10

CNNVD•added 2026/04/30 12:0 a.m.•7 views

LinkStack 授权问题漏洞

LinkStack is a unique platform developed by LinkStack OpenSource, offering efficient solutions for managing and sharing links online. Version 4.8.6 and earlier of LinkStack contained an authorization vulnerability. This vulnerability originated from the saveLink function in the Management Endpoin...

5.5CVSS6.1AI score0.00055EPSS

Exploits0References1

EUVD•added 2026/04/14 6:30 p.m.•3 views

EUVD-2026-22300

A Broken Object-Level Authorization BOLA in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a crafted HTTP request...

8.8CVSS5.8AI score0.00064EPSS

Exploits2References3

Positive Technologies•added 2026/04/14 12:0 a.m.•1 views

PT-2026-32683

8.8CVSS5.8AI score0.00064EPSS

Exploits2References5

CNNVD•added 2026/04/14 12:0 a.m.•1 views

Webkul Krayin CRM 安全漏洞

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses from the Indian company Webkul. Version 2.2.x of Webkul Krayin CRM contains a security vulnerability. This vulnerability stems from an object-level authorization flaw in the /Settings/UserController.php...

8.8CVSS5.8AI score0.00064EPSS

Exploits2References2

Cvelist•added 2026/04/14 12:0 a.m.•24 views

CVE-2026-38529

8.8CVSS0.00064EPSS

Exploits2References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by