1034 matches found
IBM CICS Transaction Gateway for Multiplatforms access control error vulnerability
IBM CICS Transaction Gateway for Multiplatforms is transaction gateway software developed by the American multinational company International Business Machines (IBM). Versions 9.3 and 10.1 of IBM CICS Transaction Gateway for Multiplatforms contain an access control vulnerability. These...
CVE-2026-0977
IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls...
PT-2026-25371
CVE-2026-0977 IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls. https://t.co/mXB9t9PNuK...
CVE-2026-28803 Open Forms possible to view submission details of other people than intended
Open Forms allows users to create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The submission reference is communicated so that the user can retrieve the submission to be cosigned...
EUVD-2026-11061
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...
CVE-2026-21309
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...
CVE-2026-21289
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...
CVE-2026-21309 Adobe Commerce | Incorrect Authorization (CWE-863)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...
CVE-2026-21289 Adobe Commerce | Incorrect Authorization (CWE-863)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...
Adobe Commerce security vulnerability
Adobe Commerce is a globally leading digital commerce solution for businesses and brands from the US company Adobe. Adobe Commerce has an authorization issue vulnerability that can be exploited by an attacker to bypass security measures and gain unauthorized viewing...
list-sync code issue vulnerability
List-Sync is a tool developed by the individual developer WoahAI, used for automatically syncing media servers with viewing lists. List-Sync versions 0.6.6 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect operations in the requests.post function of the component’s JS...
PT-2026-24553
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.4-p16 through 2.4.9-alpha3. Description: Adobe Commerce is affected by an Incorrect Authorization issue that could allow a security feature bypass. An attacker could exploit this to gain unauthorized view access to da...
EUVD-2025-208443
FreshRSS is a free, self-hostable RSS aggregator. Prior to 1.28.0, due to a bug in the auth logic related to master authentication tokens, this restriction is bypassed. Usually only the default user's feed should be viewable if anonymous viewing is enabled, and feeds of other users should be private. This...
EUVD-2025-208442
FreshRSS is a free, self-hostable RSS aggregator. Prior to 1.28.0, due to a bug in the auth logic related to master authentication tokens, this restriction is bypassed. Usually only the default user's feed should be viewable if anonymous viewing is enabled, and feeds of other users should be private. This...
CVE-2025-62166
FreshRSS is a free, self-hostable RSS aggregator. Prior to 1.28.0, due to a bug in the auth logic related to master authentication tokens, this restriction is bypassed. Usually only the default user's feed should be viewable if anonymous viewing is enabled, and feeds of other users should be private. This...
CVE-2026-29061 Gokapi: Privilege escalation via incomplete API-key permission revocation on user rank demotion
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a privilege escalation vulnerability in the user rank demotion logic allows a demoted user's existing API keys to retain ApiPermManageFileRequests and ApiPermManageLogs permission...
CVE-2026-29061
Gokapi CVE-2026-29061 summary (based on connected docs): Gokapi is a self-hosted file sharing server. Before version 2.2.3, a privilege-escalation flaw in the user rank demotion logic allows a demoted user’s existing API keys to retain ApiPermManageFileRequests and ApiPermManageLogs permissions, ...
Improper Handling of Insufficient Permissions or Privileges
Overview: Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges due to incomplete revocation of API key permissions during the user demotion process. An attacker can maintain unauthorized access to upload-request management and log viewing endpoin...
Improper Handling of Insufficient Permissions or Privileges
Overview: Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges due to incomplete revocation of API key permissions during the user demotion process. An attacker can maintain unauthorized access to upload-request management and log viewing endpoin...
GHSA-Q658-HFPG-35QC Gokapi has privilege escalation via incomplete API-key permission revocation on user rank demotion
Summary: A privilege escalation vulnerability in the user rank demotion logic allows a demoted user's existing API keys to retain ApiPermManageFileRequests and ApiPermManageLogs permissions, enabling continued access to upload-request management and log viewing endpoints after the user has been...