CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/03/16 2:19 p.m.•3 views

CVE-2026-3110

Insecure Direct Object Reference IDOR vulnerability in Campus Educativa specifically at the endpoint '/administracion/adminusuarios.cgi?filtroestado=T&wAccion=listadoxlsx&wBuscar=&wFiltrar=&wOrden=altausuario&widcursoActual=ID' where the data of users enrolled in the course is exported. Successfu...

8.7CVSS0.00247EPSS

OSV•added 2026/03/16 2:19 p.m.•2 views

CVE-2026-2922

GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

7.8CVSS6.3AI score

Vulnrichment•added 2026/03/16 9:36 a.m.•2 views

CVE-2026-3110 Multiple vulnerabilities on the Educativa Campus

Cvelist•added 2026/03/16 9:36 a.m.•26 views

CVE-2026-3110 Multiple vulnerabilities on the Educativa Campus

8.7CVSS0.00247EPSS

ATTACKERKB•added 2026/03/16 9:36 a.m.•4 views

CVE-2026-3110

Exploits0References2Affected Software1

CVE•added 2026/03/16 9:36 a.m.•13 views

CVE-2026-3110

CVE-2026-3110 describes an insecure direct object reference (IDOR) in Campus Educativa. An unauthenticated attacker can access user data by exploiting the endpoint /administracion/admin_usuarios.cgi?filtro_estado=T&wAccion=listado_xlsx&wBuscar=&wFiltrar=&wOrden=alta_usuario&wid_cursoActual=[ID], ...

Positive Technologies•added 2026/03/16 12:0 a.m.•3 views

PT-2026-25850

Summary The REST API getUsers endpoint in StudioCMS uses the attacker-controlled rank query parameter to decide whether owner accounts should be filtered from the result set. As a result, an admin token can request rank=owner and receive owner account records, including IDs, usernames, display...

2.7CVSS5.9AI score0.00375EPSS

Exploits1References7

Positive Technologies•added 2026/03/16 12:0 a.m.•3 views

PT-2026-25669

8.6CVSS5.8AI score0.0024EPSS

CNNVD•added 2026/03/16 12:0 a.m.•2 views

educativa Campus Educativa 访问控制错误漏洞

Educativa Campus Educativa is an educational management platform owned by the Spanish company Educativa. Educativa Campus Educativa has a security vulnerability related to access control. This vulnerability stems from insecure direct object references in the...

ATTACKERKB•added 2026/03/13 8:58 p.m.•7 views

CVE-2026-32635

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting XSS vulnerability has been identified in the Angular runtime and compiler. It occurs whe...

8.6CVSS5.7AI score0.00339EPSS

Exploits0References4Affected Software2

ATTACKERKB•added 2026/03/12 6:32 p.m.•1 views

CVE-2026-32138

NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could use these keys to interact with backend services...

8.2CVSS5.8AI score0.00256EPSS

Exploits0References3Affected Software1

Snyk•added 2026/03/12 12:36 a.m.•1 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SCIM API when URL-encoded path values are used. An attacker can access sensitive user information, including names, email addresses, phone numbers, addresses, external IDs,...

8.7CVSS5.8AI score0.00584EPSS

Snyk•added 2026/03/12 12:36 a.m.•3 views

Authentication Bypass Using an Alternate Path or Channel

8.7CVSS5.8AI score0.00584EPSS

Snyk•added 2026/03/12 12:36 a.m.•1 views

Authentication Bypass Using an Alternate Path or Channel

8.7CVSS5.8AI score0.00584EPSS