CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

142 matches found

Github Security Blog•added 2026/05/27 12:3 a.m.•11 views

Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints

Summary The IAM API endpoints listUsers, getUser, listGroups, and getGroup in yamcs-core do not enforce the required SystemPrivilege.ControlAccess check. As a result, any authenticated user even those with low or no privileges can enumerate all user accounts in the system, including their...

5.8AI score

Exploits2References2Affected Software1

EUVD•added 2026/05/14 8:8 p.m.•3 views

EUVD-2026-30478

OneDev is a Git server with CI/CD, kanban, and packages. Prior to 15.0.2, there is behavior that breaks the expected boundary between repository-controlled LFS metadata and server-local filesystem paths. A repository object can steer raw blob reads to arbitrary local files that the server account...

7.1CVSS5.9AI score0.00069EPSS

Exploits0References1

EUVD•added 2026/03/10 6:31 p.m.•2 views

EUVD-2026-10460

Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a high impact on confidentiality and does not affect integrity and availability...

5.8CVSS5.8AI score0.00039EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 10:49 a.m.•3 views

CVE-2022-37914

Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a...

9.8CVSS7.7AI score0.05057EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:56 a.m.•4 views

CVE-2020-12307

Improper permissions in some IntelR High Definition Audio drivers before version 9.21.00.4561 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS7AI score0.00037EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:57 a.m.•5 views

CVE-2023-31276

Heap-based buffer overflow in BMC Firmware for the IntelR Server Board S2600WF, IntelR Server Board S2600ST, IntelR Server Board S2600BP, before version 02.01.0017 and IntelR Server Board M50CYP and IntelR Server Board D50TNP before version R01.01.0009 may allow a privileged user to enable...

8.4CVSS7.5AI score0.00063EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:42 a.m.•3 views

CVE-1999-0135

admintool in Solaris allows a local user to write to arbitrary files and gain root access...

7.2CVSS7.1AI score0.00171EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-4588

Malware in sbrugna...

5.3CVSS5.3AI score0.00124EPSS

Exploits0References2