CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/04 2:8 p.m.•3 views

CVE-2026-6499

Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries. This issue affects OpenConcerto: 1.7.5...

2.4CVSS5.8AI score0.00017EPSS

Exploits0References2Affected Software1

vulnersOsv•added 2026/05/01 9:30 a.m.•10 views

a10-octavia (>=1.0.0 <=2.2.0), gadgetfinder (>=0.0.1 <=1.0.0) +3 more potentially affected by CVE-2026-43001 via keystone (>=15.0.1 <=29.0.1)

keystone PYPI version =15.0.1, =1.0.0, =0.0.1, =0.1.0, =0.1.0, =1.12.0 Source cves: CVE-2026-43001 Source advisory: SNYK:PYTHON-KEYSTONE-16479530...

8CVSS5.8AI score0.00018EPSS

Exploits1

Exploit DB•added 2026/04/30 12:0 a.m.•47 views

deephas 1.0.7 - Prototype Pollution

Exploit Title: deephas 1.0.7 - Prototype Pollution Google Dork: N/A Date: 2026-02-01 Exploit Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity Vendor Homepage: https://www.npmjs.com/package/deephas Software Link: https://github.com/sharpred/deepHas Version: =...

9.4CVSS5.2AI score0.00169EPSS

Exploits4

OSV•added 2026/04/29 9:47 p.m.•2 views

GHSA-68PR-7PRH-MPV4 Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment

Summary The member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the JSON output correctly suppresses hidden columns via isVisible checks,...

2.7CVSS5.9AI score0.0001EPSS

Exploits0References4

Github Security Blog•added 2026/04/29 9:47 p.m.•4 views

Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment

2.7CVSS5.9AI score0.0001EPSS

Exploits0References4Affected Software1

NVD•added 2026/04/29 3:16 p.m.•2 views

CVE-2026-5141

Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process. This issue affects Pardus Software Center: from 1.0.2 before 1.0.3...

8.8CVSS0.00045EPSS

RedhatCVE•added 2026/04/29 12:59 a.m.•4 views

CVE-2026-22337

Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social Login: from n/a before 2.1.4...

Snyk•added 2026/04/27 6:32 p.m.•2 views

Incorrect Privilege Assignment

Overview wooey is an A Django app which creates a web GUI and task interface for argparse scripts Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the addorupdatescript function of the API endpoint. An attacker can gain unauthorized access to resources or...

6.5CVSS6.6AI score0.00054EPSS

Snyk•added 2026/04/27 5:22 p.m.•2 views

Placement of User into Incorrect Group

Overview github.com/ubuntu/authd/internal/users is an authentication daemon for external Broker Affected versions of this package are vulnerable to Placement of User into Incorrect Group in the process responsible for assigning primary group IDs when a user's primary group ID differs from their...

7.3CVSS5.8AI score0.00017EPSS

NVD•added 2026/04/27 11:16 a.m.•3 views

CVE-2026-22337

Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social Login: from n/a before 2.1.4...

9.8CVSS0.00059EPSS

Vulnrichment•added 2026/04/27 10:31 a.m.•2 views

CVE-2026-22337 WordPress Directorist Social Login plugin < 2.1.4 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social Login: from n/a before 2.1.4...

EUVD•added 2026/04/27 10:31 a.m.•7 views

EUVD-2026-25814

Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social Login: from n/a before 2.1.4...

ATTACKERKB•added 2026/04/27 10:31 a.m.•1 views

CVE-2026-22337

Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social Login: from n/a before 2.1.4...

Cvelist•added 2026/04/27 10:31 a.m.•28 views

CVE-2026-22337 WordPress Directorist Social Login plugin < 2.1.4 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social Login: from n/a before 2.1.4...

9.8CVSS0.00059EPSS

CNNVD•added 2026/04/27 12:0 a.m.•6 views

Authd 安全漏洞

Authd is a cloud-based identity provider authentication daemon open source in Ubuntu. Versions of Authd prior to 0.6.4 have security vulnerabilities, which stem from errors in the main group ID assignment logic, potentially leading to local privilege escalation...

7.3CVSS5.8AI score0.00017EPSS

Positive Technologies•added 2026/04/27 12:0 a.m.•4 views

PT-2026-35392

Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social Login: from n/a before 2.1.4...