CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 4 days ago•9 views

CVE-2026-45154

Nextcloud Collectives vulnerability: from version 2.6.0 through before 4.3.0, if a collective page was deleted and the collective was shared view‑only, guests with access could directly retrieve the deleted pages from the trashbin. Root cause: improper access control. A fix is available in versio...

Vulnrichment•added 4 days ago•7 views

CVE-2026-45154 Nextcloud: Improper Access Control in Collectives

EUVD•added 4 days ago•5 views

EUVD-2026-33673

Positive Technologies•added 4 days ago•8 views

PT-2026-45470

CVE•added 2026/05/22 2:6 p.m.•12 views

Exploits0References4

CVE-2026-8347

The CVE-2026-8347 entry affects Concrete CMS 9.5.0 and earlier, where the Express association Reorder dialog is vulnerable to IDOR and wrong-authorization-level handling, enabling cross-entity state tampering under view-only permissions. The issue is triggered by reliance on Express entity orderi...

4.3CVSS5.8AI score0.00027EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/05/22 2:6 p.m.•5 views

CVE-2026-8347 Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in Express association Reorder dialog

Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express association Reorder dialog. This can cause Cross-entity state tampering with view-only permission on one entry. To be affected, a website has to be using express and relying on express entity...

2.3CVSS5.8AI score0.00027EPSS

Cvelist•added 2026/05/22 2:6 p.m.•7 views

CVE-2026-8347 Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in Express association Reorder dialog

2.3CVSS0.00027EPSS

ATTACKERKB•added 2026/05/22 2:6 p.m.•3 views

CVE-2026-8347

4.3CVSS5.8AI score0.00027EPSS

Exploits0References2Affected Software1

EUVD•added 2026/05/22 2:6 p.m.•5 views

EUVD-2026-31442

4.3CVSS5.8AI score0.00027EPSS

Positive Technologies•added 2026/05/22 12:0 a.m.•4 views

PT-2026-42773

2.3CVSS5.8AI score0.00027EPSS

RedhatCVE•added 2026/05/12 2:21 p.m.•8 views

CVE-2025-40897

An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...

Nextcloud•added 2026/05/12 9:10 a.m.•7 views

View-only guests could see deleted Collectives pages in the trashbin

None...

2.6CVSS5.8AI score0.00025EPSS

Exploits0References2Affected Software1

EUVD•added 2026/04/17 6:31 p.m.•1 views

EUVD-2025-209469

NVD•added 2026/04/15 9:16 a.m.•3 views

CVE-2025-40897

8.1CVSS0.00047EPSS

ATTACKERKB•added 2026/04/15 8:18 a.m.•4 views

CVE-2025-40897

Cvelist•added 2026/04/15 8:18 a.m.•24 views

CVE-2025-40897 Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0

8.1CVSS0.00047EPSS

Vulnrichment•added 2026/04/15 8:18 a.m.•3 views

CVE-2025-40897 Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0

CVE•added 2026/04/15 8:18 a.m.•6 views

CVE-2025-40897

The CVE-2025-40897 entry concerns Guardian/CMC Threat Intelligence prior to version 26.0.0, where an access control flaw allows users with view-only privileges to perform administrative actions, potentially altering rules configuration and affecting availability. The vulnerability stems from impr...

Positive Technologies•added 2026/04/15 12:0 a.m.•3 views

PT-2026-33014