CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/02/26 9:51 p.m.•2 views

CVE-2026-27449 Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints

7.5CVSS5.9AI score0.00071EPSS

CVE•added 2026/02/26 9:51 p.m.•7 views

CVE-2026-27449

Umbraco Engage (before versions 16.2.1 and 17.1.1) exposes certain API endpoints that do not enforce authentication or authorization. An unauthenticated user can query these endpoints directly (for example via an id parameter like ?id=) to enumerate and retrieve sensitive Engage data associated w...

7.5CVSS5.7AI score0.00071EPSS

Cvelist•added 2026/01/29 7:57 p.m.•18 views

CVE-2026-24687 Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...

6CVSS0.00025EPSS

OSV•added 2025/06/24 3:12 p.m.•2 views

BIT-GITLAB-2024-4025 Inefficient Regular Expression Complexity in GitLab

A Denial of Service DoS condition has been discovered in GitLab CE/EE affecting all versions from 7.10 prior before 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for an attacker to cause a denial of service using a crafted markdown page...

7.5CVSS6.7AI score0.00199EPSS

OSV•added 2024/06/28 7:26 a.m.•19 views

BIT-GITLAB-2024-1493 Uncontrolled Resource Consumption in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the serve...

6.5CVSS6.2AI score0.00059EPSS

NVD•added 2024/06/27 12:15 a.m.•21 views

CVE-2024-1493

6.5CVSS0.00059EPSS

Tenable Nessus•added 2024/06/27 12:0 a.m.•30 views

GitLab 15.8 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-5655)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker...

9.6CVSS6.1AI score0.01741EPSS

Exploits0References4

Tenable Nessus•added 2024/06/27 12:0 a.m.•21 views

GitLab 16.10 < 16.11.5 / 17.0 < 17.0.3 / 17.1 < 17.1.1 (CVE-2024-5430)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project...

6.8CVSS5.5AI score0.00033EPSS

Exploits0References4

Cvelist•added 2024/06/26 11:31 p.m.•27 views

CVE-2024-3115 Exposure of Sensitive Information to an Unauthorized Actor in GitLab

An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to access issues and epics without having an SSO session using Duo Chat...

4.3CVSS0.0018EPSS

Positive Technologies•added 2024/05/15 12:0 a.m.•2 views

PT-2024-6674 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.9 through 16.11.5 GitLab CE/EE versions 17.0 through 17.0.3 GitLab CE/EE versions 17.1 through 17.1.1 Description: The issue is related to a stored XSS vulnerability that can be imported from a project with malicious...

8.7CVSS5.5AI score0.04794EPSS

Exploits0References16

SUSE CVE•added 2023/10/18 1:2 a.m.•1 views

SUSE CVE-2023-45149

Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is recommended that the...

4.3CVSS7AI score0.00179EPSS

Tenable Nessus•added 2022/11/08 12:0 a.m.•62 views

F5 Networks BIG-IP : OpenSSH vulnerability (K12252011)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K12252011 advisory. An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicio...

6.8CVSS7AI score0.09738EPSS

OSV•added 2022/07/18 3:15 p.m.•2 views

CVE-2022-34892

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

7.8CVSS6.2AI score0.00122EPSS

CNNVD•added 2022/07/18 12:0 a.m.•1 views

Corel Parallels Desktop 安全漏洞

Corel Parallels Desktop is a suite of virtual machine software for the macOS platform from Corel Canada. A security vulnerability exists in Corel Parallels Desktop version 17.1.1 51537, which stems from a vulnerability that allows a local attacker to disclose sensitive information on an affected...

8.8CVSS7.2AI score0.00158EPSS

CNNVD•added 2022/07/18 12:0 a.m.•1 views

Corel Parallels Desktop 缓冲区错误漏洞

Corel Parallels Desktop is a suite of virtual machine software for the macOS platform from Corel Canada. A buffer error vulnerability exists in Corel Parallels Desktop version 17.1.1 51537, which stems from a vulnerability that allows a local attacker to elevate privileges on an affected Parallel...

8.2CVSS8.5AI score0.00162EPSS