Lucene search
K

48 matches found

NVD
NVD
added 2026/07/07 6:16 a.m.11 views

CVE-2026-57867

MicroRealEstate allows adversaries to bypass authentication due to a lack of token state management. This would permit adversaries targeting MicroRealEstate deployments to brute-force One-Time Passwords OTP to log in as any user. This issue affects MicroRealEstate: through 1.0.0-alpha3...

8.8CVSS0.00342EPSS
Exploits0References2
NVD
NVD
added 2026/07/07 6:16 a.m.10 views

CVE-2026-57870

Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

5.3CVSS0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/07 5:34 a.m.16 views

EUVD-2026-42008

Relative path traversal vulnerability in MicroRealEstate file upload functionality allows attackers to potentially overwrite system files. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS6AI score0.00361EPSS
Exploits0References2
CVE
CVE
added 2026/07/07 5:34 a.m.15 views

CVE-2026-57871

CVE-2026-57871 describes a relative path traversal vulnerability in MicroRealEstate’s file upload functionality that could potentially overwrite system files. Affected software: MicroRealEstate up to version 1.0.0-alpha3 . Root cause: relative path traversal in the file upload process. Impact: po...

7.1CVSS6AI score0.00361EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/07 5:24 a.m.30 views

CVE-2026-57869

Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/07 5:18 a.m.6 views

EUVD-2026-42004

MicroRealEstate is affected by broken object-level access controls in PDF generator functionality. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS5.9AI score0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/07 5:11 a.m.7 views

EUVD-2026-42003

MicroRealEstate allows adversaries to bypass authentication due to a lack of token state management. This would permit adversaries targeting MicroRealEstate deployments to brute-force One-Time Passwords OTP to log in as any user. This issue affects MicroRealEstate: through 1.0.0-alpha3...

8.8CVSS6AI score0.00342EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.5 views

CVE-2026-21282

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input,...

5.3CVSS5.8AI score0.00524EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.4 views

CVE-2026-21292

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker attacker to inject malicious scripts into vulnerable form fields. Exploitation of...

5.4CVSS5.8AI score0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.4 views

CVE-2026-21285

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures an...

4.3CVSS5.8AI score0.00255EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/11 3:31 a.m.7 views

EUVD-2026-11041

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited...

5.3CVSS5.8AI score0.00295EPSS
Exploits0References2
NVD
NVD
added 2026/03/11 3:15 a.m.10 views

CVE-2026-21310

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, with limited impact to integrity. Exploitation of this issue does not require user...

5.3CVSS0.00302EPSS
Exploits0References1
NVD
NVD
added 2026/03/11 3:15 a.m.6 views

CVE-2026-21309

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...

7.5CVSS0.0056EPSS
Exploits0References1
NVD
NVD
added 2026/03/11 3:15 a.m.5 views

CVE-2026-21295

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a URL Redirection to Untrusted Site 'Open Redirect' vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issu...

3.1CVSS0.00233EPSS
Exploits0References1
NVD
NVD
added 2026/03/11 3:15 a.m.8 views

CVE-2026-21296

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures an...

4.3CVSS0.00339EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 2:19 a.m.6 views

CVE-2026-21291

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Exploitation of this...

4.8CVSS5.8AI score0.00267EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/11 2:19 a.m.6 views

CVE-2026-21293

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate...

5.5CVSS5.8AI score0.00232EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/11 2:19 a.m.6 views

EUVD-2026-11036

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input,...

5.3CVSS5.8AI score0.00524EPSS
Exploits0References1
OSV
OSV
added 2026/03/11 2:19 a.m.4 views

CVE-2026-21286 Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited...

5.3CVSS6.2AI score0.00295EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/11 2:19 a.m.5 views

EUVD-2026-11038

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript ma...

8.1CVSS5.7AI score0.00382EPSS
Exploits0References1
Rows per page
Query Builder