11 matches found
EUVD-2021-26839
Malware in sbrugna...
EUVD-2017-16564
Malware in sbrugna...
EUVD-2025-18306
Malicious code in bioql PyPI...
Insecure API Design: Able to Disable 2-Factor Authentication Without OTP or Backup Code
Description: There is a minor issue in the 2-Factor Authentication (2FA) flow. When a user tries to disable 2FA from the dashboard, the system should ask for a valid OTP or backup code and verify it through the following API: POST /api/auth/2fa/verify HTTP/1.1 Host: 127.0.0.1:3080 User-Agent:...
CVE-2025-4128
CVE-2025-4128 affects Mattermost server: vulnerable products are Mattermost versions 10.5.x (up to 10.5.4) and 9.11.x (up to 9.11.13). The issue is an improper access restriction that allows guest users to bypass permissions and view information about public teams they are not members of via dire...
GHSA-H356-3MFW-X368 Mattermost Fails to Verify User's Permissions When Accessing Groups
Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request...
CVE-2024-36465
A low privilege regular Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter...
CVE-2020-15202
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the Shard API in TensorFlow expects the last argument to be a function taking two int64 i.e., long long arguments. However, there are several places in TensorFlow where a lambda taking int or int32 arguments is being used. In...
PT-2024-31846 · Solvait · Solvait
Name of the Vulnerable Software and Affected Versions: Solvait version 24.4.2 Description: A security flaw has been discovered that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in "/AssignToMe/SetAction" API endpoint, an attacker can...
CVE-2023-23301
The news MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon...
CVE-2017-15103
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation...