CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Microsoft CVE•added 2026/05/19 2:0 p.m.•14 views

Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network...

7.8CVSS5.8AI score0.00408EPSS

Exploits0

RedhatCVE•added 2026/05/19 1:56 p.m.•9 views

CVE-2026-45365

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, an internal-only bypassfilter parameter is exposed on the /openai/chat/completions and /ollama/api/chat HTTP endpoints via FastAPI query string binding, allowing any authenticated...

5.4CVSS5.8AI score0.00193EPSS

Exploits1References1

RedhatCVE•added 2026/05/19 1:56 p.m.•12 views

CVE-2026-44558

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the channel router does not call filterallowedaccessgrants on either create or update paths. A non-admin user who can create group channels or who owns a channel can submit arbitrary...

5.4CVSS5.9AI score0.0019EPSS

Exploits1References1

Vulnrichment•added 2026/05/19 1:45 p.m.•7 views

CVE-2026-44159 Tyler Identity Local (TID-L) default administrative credentials

Tyler Identity Local TID-L uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 2020, and has not been supported since 2021...

9.8CVSS5.8AI score0.00477EPSS

Cvelist•added 2026/05/19 1:45 p.m.•33 views

CVE-2026-44159 Tyler Identity Local (TID-L) default administrative credentials

9.8CVSS0.00477EPSS

ATTACKERKB•added 2026/05/19 1:45 p.m.•7 views

CVE-2026-44159

9.8CVSS5.8AI score0.00477EPSS

Exploits0References3

Cvelist•added 2026/05/19 1:22 p.m.•35 views

CVE-2025-40903 HTML injection in Schedule Restore Archive in Guardian/CMC before 26.1.0

A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...

5.9CVSS0.00194EPSS

EUVD•added 2026/05/19 1:22 p.m.•8 views

EUVD-2025-209896

EUVD•added 2026/05/19 1:21 p.m.•5 views

EUVD-2025-209893

A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...

CVE•added 2026/05/19 1:21 p.m.•20 views

CVE-2025-40902

CVE-2025-40902 describes a Stored HTML Injection in the Guardian/CMC Users feature prior to 26.1.0. An authenticated admin can create a user whose username contains HTML tags; when a victim deletes a group containing that user, the injected HTML may render in the browser, enabling phishing and po...

Exploits0References2Affected Software2

Cvelist•added 2026/05/19 1:21 p.m.•32 views

CVE-2025-40902 HTML injection in Users in Guardian/CMC before 26.1.0

5.9CVSS0.00194EPSS

ATTACKERKB•added 2026/05/19 1:21 p.m.•6 views

CVE-2025-40902

ATTACKERKB•added 2026/05/19 1:19 p.m.•7 views

CVE-2025-40901

Vulnrichment•added 2026/05/19 1:19 p.m.•9 views

CVE-2025-40901 HTML injection in Credentials Manager in Guardian/CMC before 26.1.0