CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6547 matches found

RedhatCVE•added 2026/02/08 1:22 a.m.•5 views

CVE-2026-25574

Payload is a free and open source headless content management system. Prior to 3.74.0, a cross-collection Insecure Direct Object Reference IDOR vulnerability exists in the payload-preferences internal collection. In multi-auth collection environments using Postgres or SQLite with default...

5.4CVSS5.3AI score0.00193EPSS

Exploits0References1

Positive Technologies•added 2026/02/08 12:0 a.m.•5 views

PT-2026-7017

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

5.5AI score0.00363EPSS

Exploits0References2

RedhatCVE•added 2026/02/07 7:31 p.m.•3 views

CVE-2026-25650

MCP Salesforce Connector is a Model Context Protocol MCP server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10...

8.7CVSS5.5AI score0.00409EPSS

Exploits0References1

RedhatCVE•added 2026/02/07 1:23 a.m.•5 views

CVE-2026-1972

A vulnerability was found in Edimax BR-6208AC 21.02. The affected element is the function authcheckuserpass2. Performing a manipulation of the argument Username/Password results in use of default credentials. The attack may be initiated remotely. The exploit has been made public and could be used...

7.5CVSS5.5AI score0.00598EPSS

Exploits1References1

EUVD•added 2026/02/06 9:4 p.m.•4 views

EUVD-2026-5571

5.4CVSS5.3AI score0.00193EPSS

Exploits0References1

Cvelist•added 2026/02/06 9:4 p.m.•27 views

CVE-2026-25574 Payload Affected by Cross-Collection IDOR in payload-preferences Access Control (Multi-Auth Environments)

5.4CVSS0.00193EPSS

Exploits0References1

CVE•added 2026/02/06 9:4 p.m.•12 views

CVE-2026-25574

Payload CMS prior to 3.74.0 is affected by a cross-collection IDOR in the payload-preferences internal collection. In multi-auth environments using Postgres or SQLite with default serial/auto-increment IDs, authenticated users from one auth collection can read and delete preferences belonging to ...

5.4CVSS5.3AI score0.00193EPSS

Exploits0References1Affected Software1

Github Security Blog•added 2026/02/06 6:54 p.m.•7 views

client-certificate-auth Vulnerable to Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect

Summary Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host header, allowing an attacker to redirect users to arbitrary domains. Vulnerable Code javascript //...

6.1CVSS5.5AI score0.00168EPSS

Exploits1References5Affected Software1

CVE•added 2026/02/06 6:53 p.m.•7 views

CVE-2026-25650

CVE-2026-25650 concerns MCP Salesforce Connector (Model Context Protocol) prior to version 0.1.10. An arbitrary attribute access flaw allows disclosure of Salesforce OAuth bearer tokens used by MCP-Salesforce. Multiple sources (Red Hat, NVD, CVE lists, advisories) confirm the issue and that it is...

8.7CVSS5.5AI score0.00409EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 2026/02/06 6:53 p.m.•5 views

CVE-2026-25650

8.7CVSS5.5AI score0.00409EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/02/06 6:53 p.m.•24 views

CVE-2026-25650 MCP Salesforce Connector has arbitrary attribute access which leads to disclosure of Salesforce auth token

8.7CVSS0.00409EPSS

Exploits0References3

Vulnrichment•added 2026/02/06 6:53 p.m.•2 views

CVE-2026-25650 MCP Salesforce Connector has arbitrary attribute access which leads to disclosure of Salesforce auth token

8.7CVSS5.7AI score0.00409EPSS

Exploits0References3

EUVD•added 2026/02/06 6:53 p.m.•7 views

EUVD-2026-5627

8.7CVSS5.5AI score0.00409EPSS

Exploits0References3

ATTACKERKB•added 2026/02/06 6:50 p.m.•5 views

CVE-2026-25651

client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Hos...

6.1CVSS5.6AI score0.00168EPSS

Exploits1References3Affected Software1

OSV•added 2026/02/06 3:57 p.m.•4 views

OESA-2026-1311 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...

8.8CVSS6.4AI score0.48666EPSS

Exploits7References2

Snyk•added 2026/02/06 5:6 a.m.•4 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the auth-proxy-set-headers annotation, which allows injection of configuration into nginx. An attacker can execute arbitrary code and access sensitive information by supplying crafted...

8.8CVSS5.9AI score0.00469EPSS

Exploits0References2

OSV•added 2026/02/06 4:15 a.m.•3 views

CVE-2025-15566

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

8.8CVSS6.2AI score0.00469EPSS

Exploits0References1