337 matches found
CVE-2026-44707
CVE-2026-44707 (Chatwoot) : From 2.14.0 up to before 4.13.0, an authentication flow vulnerability allows a pre-registered, unowned email to set a password, enabling a Pre-Account Takeover. If the legitimate user later signs in via Google OAuth or another OmniAuth provider, the OAuth flow can sile...
PT-2026-35749
A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another user from logging in by triggering an account lockout via a specially crafted request...
CVE-2026-35407
Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow: the confirmation flow did not verify that the email change confirmation token was issued for the given...
CVE-2026-34828
listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically password reset and...
CVE-2025-9521
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...
PT-2026-4809
Name of the Vulnerable Software and Affected Versions: Omada Controllers (affected versions not specified). Description: A security issue exists in Omada Controllers that allows an attacker possessing a valid session token to bypass secondary verification. This bypass enables the attacker to alter a...
CVE-2025-42615
In affected versions, vulnerability-lookup did not track or limit failed One-Time Password (OTP) attempts during Two-Factor Authentication (2FA) verification. An attacker who already knew or guessed a valid username and password could submit an arbitrary number of OTP codes without causing the accoun...
LibreChat security vulnerability
LibreChat is an enhanced ChatGPT clone by Danny Avila Personal Developer. A security vulnerability exists in LibreChat version 0.7.9, which stems from a failure to properly validate the OTP or backup code during the 2FA disablement process, which could result in reduced account security...
EUVD-2018-7334
Malware in sbrugna...
EUVD-2019-14127
Malware in sbrugna...
EUVD-2020-25647
Malware in sbrugna...
EUVD-2018-11952
Malware in sbrugna...
EUVD-2005-4682
Malware in sbrugna...
EUVD-2021-21224
Malware in sbrugna...
EUVD-2020-25814
Malware in sbrugna...
EUVD-2002-0450
Malware in sbrugna...
EUVD-2006-2804
Malware in sbrugna...
EUVD-2007-2270
Malware in sbrugna...
EUVD-2007-0312
Malware in sbrugna...