CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

301 matches found

NVD•added 2026/05/29 1:16 p.m.•11 views

CVE-2026-45043

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create service accounts under arbitrary parent identities, including the root user minioadmin. The endpoint...

9.3CVSS0.00043EPSS

Exploits0References1

Cvelist•added 2026/04/26 12:0 p.m.•27 views

CVE-2026-7038 tufantunc ssh-mcp Command Line index.ts insufficiently protected credentials

A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made...

4.8CVSS0.00005EPSS

Exploits0References5

ATTACKERKB•added 2026/04/09 9:6 p.m.•1 views

CVE-2026-40109

Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...

3.1CVSS5.9AI score0.00018EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/03/25 4:15 p.m.•1 views

CVE-2026-32538 WordPress SMTP Mailer plugin <= 1.1.24 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data.This issue affects SMTP Mailer: from n/a through = 1.1.24...

5.8AI score0.00046EPSS

Exploits0References1

Cvelist•added 2026/02/03 5:15 p.m.•22 views

CVE-2026-22220 Improper Input Validation Leading to DoS on TP-Link Archer BE230

A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 web modules may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the...

6.8CVSS0.00063EPSS

Exploits0References4

VulnCheck KEV•added 2026/01/23 12:0 a.m.•2 views

VulnCheck KEV: CVE-2025-7081

A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this vulnerability is the function formSetWanStatic of the file /goform/formSetWanStatic of the component webs. The manipulation of the argument...

8.8CVSS5.5AI score0.08496EPSS

In wildExploits1References6

CVE•added 2026/01/22 10:5 p.m.•11 views

CVE-2026-24117

CVE-2026-24117 affects Rekor, a software supply chain transparency log. In versions ≤ 1.4.3, the path /api/v1/index/retrieve accepts a user-provided URL to retrieve a public key, enabling Server-Side Request Forgery (SSRF) to internal services. SSRF is limited to GET requests and does not return ...

5.3CVSS5.7AI score0.00016EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2026/01/09 9:6 a.m.•5 views

CVE-2024-34068

Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control GHSA-6rg3-8h8x-5xfv that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. Thi...

6.4CVSS6.5AI score0.00237EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:42 a.m.•8 views

CVE-2022-31053

Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The...

9.8CVSS6.8AI score0.00289EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 8:36 a.m.•7 views

CVE-2020-7847

The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36...

8CVSS8AI score0.00267EPSS

Exploits0References1

OSV•added 2025/12/15 9:15 p.m.•1 views

CVE-2023-36338

Inventory Management System 1 was discovered to contain a SQL injection vulnerability...

5.3CVSS5.8AI score

Exploits0References2

EUVD•added 2025/12/06 6:30 a.m.•2 views

EUVD-2025-201511

A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics AX data and access logs belonging to other Apigee customer organizations. Apigee-X was found to be vulnerable. This vulnerability was patched in version 1-16-0-apigee-3. No user action i...

7.6CVSS6.3AI score0.00018EPSS

Exploits0References2

Positive Technologies•added 2025/12/06 12:0 a.m.•2 views

PT-2025-49328

Name of the Vulnerable Software and Affected Versions Apigee-X versions prior to 1-16-0-apigee-3 Description A security issue in Apigee-X could allow an attacker to gain unauthorized read and write access to Apigee Analytics AX data and access logs belonging to other Apigee customer organizations...

7.6CVSS5.4AI score0.00018EPSS

Exploits0References10

OSV•added 2025/11/14 2:45 p.m.•19 views

HSEC-2023-0002 Improper Verification of Cryptographic Signature

Improper Verification of Cryptographic Signature The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The version 2 of the specification mandate...

9.8CVSS9.4AI score0.00289EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2006-1907

Malware in sbrugna...

7.5CVSS6.4AI score0.00619EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2014-0265

Malware in sbrugna...

7.5CVSS6.6AI score0.01003EPSS

Exploits1References21