CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/28 12:0 a.m.•9 views

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana. This vulnerability stems from issues with operations after resources expire or terminate. As a result, time-limited access tokens can still be used beyon...

5.3CVSS5.8AI score0.00237EPSS

Positive Technologies•added 2026/05/19 12:0 a.m.•8 views

PT-2026-42037

Summary The fetch-apify-docs tool validates URLs against a domain allowlist using String.startsWith instead of proper URL hostname comparison. This allows bypass via attacker-controlled subdomains e.g., https://docs.apify.com.evil.com/, enabling the tool to fetch and return arbitrary web content ...

6.1CVSS5.9AI score0.00045EPSS

Cvelist•added 2026/03/23 9:37 p.m.•17 views

CVE-2026-32299 Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and...

7.5CVSS0.00268EPSS

Vulnrichment•added 2026/03/23 9:37 p.m.•1 views

CVE-2026-32299 Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature

OSV•added 2026/03/23 9:37 p.m.•1 views

CVE-2026-32299 Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature

EUVD•added 2026/03/23 8:38 p.m.•3 views

Exploits0References5

EUVD-2026-14574

Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature...

Snyk•added 2026/03/23 8:38 p.m.•1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization through insufficient authorization checks in the page content retrieval. An attacker can access the contents and attachments of non-public pages by sending unauthorized requests. Remediation Upgrade...

Github Security Blog•added 2026/03/23 8:38 p.m.•7 views

Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature

Security Advisory — Page Content Retrieval Improper Authorization Summary An improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1...

7.5CVSS5.7AI score0.00268EPSS

Exploits0References5Affected Software1

OSV•added 2026/03/23 8:38 p.m.•1 views

GHSA-62CH-J6X7-722J Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature

7.5CVSS5.7AI score0.00268EPSS

Exploits0References5

Positive Technologies•added 2026/03/23 12:0 a.m.•4 views

PT-2026-27232

7.5CVSS5.7AI score0.00268EPSS

Exploits0References7

NVD•added 2026/01/16 1:16 p.m.•11 views

CVE-2026-0612

The Librarian contains a information leakage vulnerability through the webfetch tool, which can be used to retrieve arbitrary external content provided by an attacker, which can be used to proxy requests through The Librarian infrastructure. The vendor has fixed the vulnerability in all versions ...

7.5CVSS0.00342EPSS

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-7441

Malicious code in bioql PyPI...

7.3CVSS7.5AI score0.0039EPSS

Exploits0References5

RedhatCVE•added 2025/05/23 6:48 a.m.•4 views

CVE-2024-51210

Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional behavior for anyone who knows the full...

5.3CVSS6.9AI score0.00478EPSS

RedhatCVE•added 2025/05/22 11:10 p.m.•5 views

CVE-2022-36104

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads t...

7.5CVSS6.7AI score0.01254EPSS

RedhatCVE•added 2025/05/22 10:4 p.m.•7 views

CVE-2022-36363

A vulnerability has been identified in LOGO! 12/24RCE 6ED1052-1MD08-0BA1 All versions, LOGO! 12/24RCEo 6ED1052-2MD08-0BA1 All versions, LOGO! 230RCE 6ED1052-1FB08-0BA1 All versions, LOGO! 230RCEo 6ED1052-2FB08-0BA1 All versions, LOGO! 24CE 6ED1052-1CC08-0BA1 All versions, LOGO! 24CEo...

5.3CVSS6.8AI score0.0038EPSS

Drupal•added 2025/05/21 12:0 a.m.•14 views

Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-064

This module provides a block to easily display a rendered node. The module doesn't check access to content before displaying it to a visitor, allowing unauthorized users to retrieve a list of labels of all nodes...

5.3CVSS6.6AI score0.00229EPSS