CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added 3 days ago•11 views

DotNetNuke 9.2 - 9.2.2 - Weak Encryption & Cookie Deserialization

DNN DotNetNuke versions 9.2 through 9.2.2 use a weak encryption algorithm to protect input parameters because of an incomplete fix for CVE-2018-15811. This cryptographic weakness enables attackers to craft malicious DNNPersonalization cookies that can be deserialized, leading to remote code...

7.5CVSS7.4AI score0.92962EPSS

Exploits6References5

Nuclei•added 3 days ago•12 views

DotNetNuke 9.2 - 9.2.1 - Weak Encryption & Cookie Deserialization

DNN DotNetNuke versions 9.2 through 9.2.1 use a weak encryption algorithm to protect input parameters. This cryptographic weakness enables attackers to craft malicious DNNPersonalization cookies that can be deserialized, leading to remote code execution. id: CVE-2018-15811 info: name: DotNetNuke...

7.5CVSS7.4AI score0.92962EPSS

Exploits5References4

RedhatCVE•added last week•7 views

CVE-2026-49000

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms...

Vulnrichment•added 2026/05/27 3:38 a.m.•7 views

CVE-2026-49000 Cryptography Implementation Flaw vulnerability in ZTE ZXUniPOS NDS-LTE product

CVE•added 2026/05/27 3:38 a.m.•11 views

CVE-2026-49000

Technical details (affected products, components, versions, exploit info) are not publicly available in the provided documents. Monitor for updates from NVD, the CVE List, and vendors.

ATTACKERKB•added 2026/05/27 3:38 a.m.•5 views

CVE-2026-49000

EUVD•added 2026/05/27 3:38 a.m.•9 views

EUVD-2026-32049

CNNVD•added 2026/05/27 12:0 a.m.•5 views

ZTE ZXUniPOS NDS-LTE 安全漏洞

ZTE ZXUniPOS NDS-LTE is an operator network positioning platform developed by ZTE Corporation. ZTE ZXUniPOS NDS-LTE has security vulnerabilities, which stem from unsafe password schemes. These include improper selection of encryption algorithms, inadequate key management, or defects in code...

Positive Technologies•added 2026/05/27 12:0 a.m.•8 views

PT-2026-43492

5.3CVSS5.9AI score0.00031EPSS

RedhatCVE•added 2026/05/10 8:20 p.m.•7 views

CVE-2026-7807

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...

8.7CVSS5.9AI score0.00014EPSS

Vulnrichment•added 2026/05/08 7:54 p.m.•4 views

CVE-2026-7807 SmarterTools SmarterMail < Build 9560 Server Local File Inclusion via the /api/v1/report/summary/{type} API

8.7CVSS5.9AI score0.00014EPSS

Positive Technologies•added 2026/05/08 12:0 a.m.•5 views

PT-2026-39193

Name of the Vulnerable Software and Affected Versions SmarterTools SmarterMail versions prior to 9560 Description An issue in the '/api/v1/report/summary/type' API endpoint allows authenticated users to perform local file inclusion, enabling the reading of arbitrary .json files on the system. Thi...

8.7CVSS5.9AI score0.00014EPSS

Exploits0References4

EUVD•added 2026/05/04 12:39 a.m.•1 views

EUVD-2026-26862

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

9.3CVSS5.8AI score0.00047EPSS

RedhatCVE•added 2026/04/29 1:44 a.m.•4 views

CVE-2026-5039

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized...

8.8CVSS5.3AI score0.00021EPSS

ATTACKERKB•added 2026/04/26 11:58 p.m.•2 views

CVE-2026-42363

9.3CVSS5.6AI score0.00046EPSS

Exploits0References3Affected Software1

EUVD•added 2026/04/26 11:58 p.m.•1 views

EUVD-2026-25743

9.3CVSS5.5AI score0.00046EPSS

CVE•added 2026/04/26 11:58 p.m.•6 views

CVE-2026-42363

CVE-2026-42363 affects GeoVision GV-IP Device Utility 9.0.5. The Device Authentication flow encrypts credentials using a protocol resembling Blowfish, but the symmetric key is included in the packet, making confidentiality rely on obscurity. When admin users interact with devices, credentials may...

9.3CVSS5.6AI score0.00046EPSS

CNVD•added 2026/04/23 12:0 a.m.•1 views

IBM Verify Identity Access Container Weak Encryption Algorithm Vulnerability

IBM Verify Identity Access Container is an identity and access management solution for providing secure single sign-on and access control. A weak cryptographic algorithm vulnerability exists in IBM Verify Identity Access Container. The vulnerability stems from the product's use of a...

6.5CVSS5.4AI score0.00016EPSS

Exploits0

CNNVD•added 2026/04/23 12:0 a.m.•3 views

IBM多款产品加密问题漏洞

6.5CVSS5.8AI score0.00016EPSS