19 matches found
EUVD-2024-0908
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability: CVE-2016-7143
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as...
CVE-2012-10047
Cyclope Employee Surveillance Solution versions 6.x is vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a...
CVE-2024-7401 Client Enrollment Process Bypass
Netskope was notified about a security gap in the Netskope Client enrollment process where NSClient uses a static token, "Orgkey", as an authentication parameter. Since this is a static token, it cannot be rotated or revoked if leaked. A malicious actor can use this token to enroll NSClient from a...
CVE-2024-7401
CVE-2024-7401 affects Netskope Client enrollment: NSClient uses a static OrgKey token as authentication parameter, which cannot be rotated if leaked. Root cause is the static token in the enrollment flow; impact is impersonation by enrolling NSClient from a customer tenant. Public fix details are...
Netskope Client Security Vulnerability
Netskope Client is a client program from Netskope, Inc. that is used to connect to and manage the Netskope Cloud Platform. A security vulnerability exists in Netskope Client that stems from the use of a static token as an authentication parameter during the registration process, which can be used by ...
CVE-2024-22257
A broken access control flaw was found in Spring Security. Applications may be vulnerable when directly using the AuthenticatedVoter#vote passing a NULL authentication parameter. Mitigation Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to...
Erroneous authentication pass in Spring Security
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possibly vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null...
PT-2023-17202 · Sourcecodester · Sourcecodester Young Entrepreneur E-Negosyo System
Name of the Vulnerable Software and Affected Versions: SourceCodester Young Entrepreneur E-Negosyo System version 1.0 Description: A critical issue was found in the system, affecting an unknown part of the file login.php. The manipulation of the USERNAME argument leads to SQL injection. It is...
SUSE CVE-2019-5885
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...
GHSA-JRQM-V8CV-53WW Matrix Synapse Predictable Secret Key
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...
Matrix Synapse Predictable Secret Key
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...
CVE-2020-15924
There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters...
SQL injection
There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters...
CVE-2020-15896
An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. There exist a few pages that are directly accessible by any unauthorized user, e.g., logout.php and login.php. This occurs because of checking the value of NONEEDAUTH. If the value of NONEEDAUTH is...
Authorization
D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters...
squid: XSS via user_name or auth parameter in cachemgr.cgi
The cachemgr.cgi web module of Squid through 4.7 has XSS via the username or auth parameter...
CVE-2019-5885
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...
CVE-2019-5885
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...