
161298 matches found

Positive Technologies
added 2026/06/16 12:0 a.m. | 9 views

PT-2026-49839

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 6.5 | AI score 5.1 | EPSS 0.00272
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/16 12:0 a.m. | 12 views

PT-2026-49884

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVSS 9.9 | AI score 5.3 | EPSS 0.00411
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/16 12:0 a.m. | 17 views

PT-2026-51224

Name of the Vulnerable Software and Affected Versions: Crawl4AI versions prior to 0.8.7. Description: The Docker API server contains an authentication bypass issue caused by a hardcoded default JWT (JSON Web Token) signing key. A JWT is a compact, URL-safe means of representing claims to be transferre...

CVSS 9.8 | AI score 5.9 | EPSS 0.00407
Exploits: 0 | References: 19
Positive Technologies
added 2026/06/16 12:0 a.m. | 21 views

PT-2026-50138

Name of the Vulnerable Software and Affected Versions: Gitea versions prior to 1.26.1. Description: In the Git Smart HTTP path, the system fails to enforce repository-scoped access-token permissions when tokens are provided via Bearer authentication. While the CheckRepoScopedToken function is design...

CVSS 8.1 | AI score 5.9 | EPSS 0.00039
Exploits: 0 | References: 4
IBM Security Bulletins
added 2026/06/15 10:17 p.m. | 5 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Authentication, Insertion of Sensitive Information into Log File, Improper Encoding or Escaping of Output (CVE-2026-34500, CVE-2026-34487, CVE-2026-34483)

Summary: There are vulnerabilities in tomcat-embed-core-10.1.52.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-34500, CVE-2026-34487, CVE-2026-34483. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2026-34483. DESCRIPTION: Improper Encoding or Escaping...

CVSS 7.5 | AI score 6.8 | EPSS 0.00469
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2026/06/15 10:13 p.m. | 3 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Authentication Bypass Using an Alternate Path or Channel (CVE-2026-22731, CVE-2026-22733)

Summary: There are vulnerabilities in spring-boot-actuator-autoconfigure-3.5.9.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22731, CVE-2026-22733. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2026-22731. DESCRIPTION: Spring Boot applications with...

CVSS 8.2 | AI score 7.6 | EPSS 0.0036
Exploits: 0 | Affected Software: 1
EUVD
added 2026/06/15 9:30 p.m. | 8 views

EUVD-2026-36989

Subscriber Broken Authentication in AutomatorWP = 5.6.7 versions...

CVSS 7.1 | AI score 5.2 | EPSS 0.00385
Exploits: 0 | References: 2
EUVD
added 2026/06/15 9:30 p.m. | 6 views

EUVD-2026-36987

Unauthenticated Broken Authentication in ReviewX = 2.3.6 versions...

CVSS 7.5 | AI score 5.2 | EPSS 0.00294
Exploits: 0 | References: 2
EUVD
added 2026/06/15 9:30 p.m. | 7 views

EUVD-2026-36929

Subscriber Broken Authentication in FunnelKit Automations = 3.7.3 versions...

CVSS 7.1 | AI score 5.2 | EPSS 0.00385
Exploits: 0 | References: 2
EUVD
added 2026/06/15 9:30 p.m. | 6 views

EUVD-2026-36765

In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client when doing client authentication, which allows impersonation with certificates that are not meant for client authentication because of KeyUsage and ExtendedKeyUsage...

AI score 5.2 | EPSS 0.00191
Exploits: 0 | References: 2
EUVD
added 2026/06/15 9:30 p.m. | 7 views

EUVD-2026-36764

In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication because of KeyUsage and ExtendedKeyUsage...

AI score 5.2 | EPSS 0.00225
Exploits: 1 | References: 2
EUVD
added 2026/06/15 9:30 p.m. | 7 views

EUVD-2026-36747

ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote...

AI score 5.5 | EPSS 0.00511
Exploits: 0 | References: 2
EUVD
added 2026/06/15 9:30 p.m. | 6 views

EUVD-2026-36748

A Time-Based Blind SQL Injection vulnerability in the aliasmanagement module of OpenSIPS Control Panel (opensips-cp) prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in aliasmanagement.php...

AI score 6.2 | EPSS 0.00361
Exploits: 1 | References: 2
Cvelist
added 2026/06/15 9:19 p.m. | 31 views

CVE-2026-11832 Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable...

EPSS 0.00327
Exploits: 0 | References: 4
NVD
added 2026/06/15 9:17 p.m. | 17 views

CVE-2026-49764

Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...

CVSS 9.8 | EPSS 0.004
Exploits: 0 | References: 1
NVD
added 2026/06/15 9:17 p.m. | 12 views

CVE-2026-49110

Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce = 3.1.4 versions...

CVSS 7.5 | EPSS 0.00236
Exploits: 0 | References: 1
NVD
added 2026/06/15 9:17 p.m. | 11 views

CVE-2026-48970

Unauthenticated Broken Authentication in Really Simple SSL = 9.5.10 versions...

CVSS 8.1 | EPSS 0.00322
Exploits: 0 | References: 1
NVD
added 2026/06/15 9:16 p.m. | 7 views

CVE-2026-42743

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

CVSS 6.5 | EPSS 0.00144
Exploits: 0 | References: 1
NVD
added 2026/06/15 9:16 p.m. | 6 views

CVE-2026-42752

Unauthenticated Bypass Vulnerability in Stripe Payments = 2.0.98 versions...

CVSS 6.5 | EPSS 0.00222
Exploits: 0 | References: 1
NVD
added 2026/06/15 9:16 p.m. | 7 views

CVE-2026-42668

Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend = 1.18.0 versions...

CVSS 7.5 | EPSS 0.00427
Exploits: 0 | References: 1