CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2 hours ago•3 views

CVE-2026-49190

The system fails to evaluate instructional permissions over multiple internal operation codes opcodes, permitting unauthorized application installations or command executions...

9.4CVSS5.8AI score

Nuclei•added 2 days ago•45 views

Apache OFBiz - Remote Code Execution

Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server id: CVE-2024-45507 info: name: Apache OFBiz -...

9.8CVSS6.9AI score0.89512EPSS

Exploits0References6

CVE•added 3 days ago•8 views

CVE-2026-24756

Kiteworks CVE-2026-24756 affects the Kiteworks Secure Data Forms component. Before version 9.3.0, an Insecure Direct Object Reference (IDOR) allows an authenticated user to modify resources owned by other users due to insufficient authorization checks on ownership. A patch is available in version...

4.3CVSS5.8AI score0.00026EPSS

Exploits0References1Affected Software1

EUVD•added 3 days ago•6 views

EUVD-2026-33838

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization checks on resource...

5.4CVSS5.8AI score0.00021EPSS

CNNVD•added 3 days ago•5 views

Apache Airflow security vulnerabilities

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. However, Apache Airflow has security vulnerabilities. The...

7.5CVSS5.8AI score0.00061EPSS

OSV•added 6 days ago•3 views

GHSA-C2M8-4GCG-V22G praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}

Summary Type: Vertical privilege escalation. The PATCH /workspaces/workspaceid/members/userid endpoint is gated by requireworkspacememberworkspaceid, which defaults to minrole="member" and is never overridden by the route. The handler then calls MemberService.updateroleworkspaceid, userid,...

9.6CVSS5.8AI score

Exploits0References2

Tenable Nessus•added 6 days ago•10 views

Linux Distros Unpatched Vulnerability : CVE-2026-6713

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain...

Vulnrichment•added last week•3 views

Exploits0References2

CVE-2026-42400 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user can send a specially crafted compressed request payload that is processed prior to authorization checks, causing excessive memory and CPU resource consumptio...

6.5CVSS5.8AI score0.00047EPSS

Cvelist•added last week•25 views

CVE-2026-42400 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

6.5CVSS0.00047EPSS

OSV•added 2026/05/27 9:12 p.m.•2 views

GHSA-6439-2F28-8P8Q Synfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]

Description Symfony's IsGranted'...', IsSignatureValid, and IsCsrfTokenValid... attributes allow you to define a methods: ... argument to only enforce these checks for the listed HTTP methods and skip them otherwise. E.g. an attribute defining methods: 'GET' would be ignored for a HEAD request. O...

8.6CVSS5.8AI score

Exploits0References7

NVD•added 2026/05/27 7:16 p.m.•7 views

CVE-2026-6713

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauthorized user to enumerate private projects due to incorrect authorization checks...

5.3CVSS0.00019EPSS

NVD•added 2026/05/27 7:16 p.m.•6 views

CVE-2026-2601

GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to access sensitive deployment data on projects due to...

4.3CVSS0.00011EPSS

ATTACKERKB•added 2026/05/27 5:55 p.m.•5 views

CVE-2026-2601

4.3CVSS5.8AI score0.00011EPSS

Exploits0References4Affected Software1

CVE•added 2026/05/27 5:55 p.m.•67 views

CVE-2026-6713

GitLab CVE-2026-6713 affects GitLab CE/EE versions: 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1. The issue stems from incorrect authorization checks that could allow an unauthorized user to enumerate private projects. Remediations have been released: GitLab 18.10.7, 18.11.4,...

Exploits0References3Affected Software1

ATTACKERKB•added 2026/05/27 5:55 p.m.•5 views

CVE-2026-6713

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/27 5:55 p.m.•4 views

CVE-2026-6713 Incorrect Authorization in GitLab

Vulnrichment•added 2026/05/27 5:18 p.m.•7 views

CVE-2026-45081 Frappe HR: Permission Bypass in HRMS Leave Details API

Frappe HR is an open-source human resources management solution HRMS. Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0...

6.5CVSS5.8AI score0.00032EPSS