CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

oxid-esales/oxideshop-ce is vulnerable to information disclosure. The vulnerability is due to improper error handling and also Smarty syntax errors in CMS pages that may allow an attacker to access user information...

7.5CVSS6.6AI score0.00302EPSS

Exploits0References3Affected Software1

Cvelist•added 2025/04/15 9:59 p.m.•9 views

CVE-2025-27929 Growatt Cloud portal Authorization Bypass Through User-Controlled Key

Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts...

6.9CVSS0.0025EPSS

Exploits0References1

Vulnrichment•added 2025/04/15 9:5 p.m.•4 views

CVE-2025-30514 Growatt Cloud portal Authorization Bypass Through User-Controlled Key

Unauthenticated attackers can obtain restricted information about a user's smart device collections i.e., "scenes"...

6.9CVSS5.5AI score0.00398EPSS

Exploits0References1

NVD•added 2025/02/13 1:15 p.m.•12 views

CVE-2025-1270

Insecure direct object reference IDOR vulnerability in Anapi Group's h6web, allows an authenticated attacker to access other users' information by making a POST request and modifying the “pkrelated” parameter in the “/h6web/hadatoshermano.php” endpoint to refer to another user. In addition, the...

9.1CVSS0.00332EPSS

Exploits0References1

NVD•added 2022/03/10 5:47 p.m.•11 views

CVE-2022-25823

Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in log...

3.3CVSS0.00199EPSS

Exploits0References1

OSV•added 2016/11/11 10:59 p.m.•7 views

CVE-2016-9284

getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string...

5.3CVSS5.2AI score

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by