CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

188 matches found

Positive Technologies•added 2026/05/15 12:0 a.m.•7 views

PT-2026-41301

Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...

5.9AI score0.00036EPSS

Exploits0References3

EUVD•added 2026/05/15 12:0 a.m.•5 views

EUVD-2025-209884

Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...

6.5CVSS5.9AI score0.00036EPSS

Exploits0References2

Cvelist•added 2026/05/15 12:0 a.m.•33 views

CVE-2025-67437

Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...

0.00036EPSS

Exploits0References2

RedhatCVE•added 2026/05/06 8:22 p.m.•5 views

CVE-2026-34408

An issue was discovered in Gambio 4.9.2.0 patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0. The password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the ID is known...

9.1CVSS5.9AI score0.00039EPSS

Exploits0References1

ATTACKERKB•added 2026/03/06 5:35 p.m.•3 views

CVE-2026-28514

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0, a critical authentication bypass vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows a...

9.3CVSS5.8AI score0.00076EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/03/06 5:35 p.m.•35 views

CVE-2026-28514 Rocket.Chat: Users can login with any password via the EE ddp-streamer-service

9.3CVSS0.00076EPSS

Exploits0References3

CVE•added 2026/02/04 12:0 a.m.•5 views

CVE-2025-70997

The CVE-2025-70997 entry concerns eladmin v2.7 and earlier, where an arbitrary user password reset is possible under any user permission level. The connected Red Hat, NVD, CVE listings, and regional advisories all describe the same issue, attributing it to eladmin without detailing the root cause...

8.1CVSS5.4AI score0.00014EPSS

Exploits1References2Affected Software1

CNNVD•added 2026/02/04 12:0 a.m.•3 views

ELADMIN 安全漏洞

ELADMIN is a backend management system developed by elunez’s individual developer. Versions of ELADMIN 2.7 and earlier contained security vulnerabilities. These vulnerabilities stemmed from a vulnerability allowing arbitrary user password resets, which could lead to password resets at any user...

8.1CVSS5.9AI score0.00014EPSS

Exploits1References3

CVE•added 2025/11/30 1:53 a.m.•27 views

CVE-2025-13615

CVE-2025-13615 concerns the WordPress StreamTube Core plugin (versions up to 4.78). The issue arises from user-controlled access to objects, allowing unauthenticated attackers to bypass authorization and perform arbitrary password changes on user accounts, potentially taking over administrator ac...

9.8CVSS5.9AI score0.00277EPSS

Exploits1References2

CNNVD•added 2025/11/30 12:0 a.m.•7 views

WordPress plugin StreamTube Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An arbitrary user password change vulnerability exists in the WordPress StreamTube Core plugin that originates from providing user-controlled access to objects, allowing a user ...

9.8CVSS6.6AI score0.00277EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-15586

Malware in sbrugna...

9.8CVSS9.5AI score0.00541EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2009-4370

Malware in sbrugna...

7.5CVSS6.1AI score0.00519EPSS

Exploits0References4