91 matches found
CVE-2026-49002
Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information...
FacturaScripts has Insecure Parameter Handling: Unauthorized Modification of Immutable 'nick' Field
Summary The application fails to validate the nick parameter during a POST request to the EditUser controller. Although the UI prevents editing this field, a user can bypass this restriction using a proxy to rename any account including the Administrator. This leads to Broken Access Control and...
Hobby coder accidentally creates vacuum robot army
Sammy Azdoufal wanted to steer his robot vacuum with a PS5 controller. Like any good maker, he thought it would be fun to drive a new DJI Romo around manually. He ended up gaining access to an army of robotic cleaners that gave him eyes into thousands of homes. Driven by purely playful reasons,...
CVE-2026-22624
Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization...
Weblate leaks information via screenshots
Impact The screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. Patches https://github.com/WeblateOrg/weblate/pull/17516 References Thanks to Lukas May and Michael Leu...
CVE-2025-4596 Information disclosure via IDOR in Asseco AMDX
Asseco ADMX system is used for processing medical records. It allows logged in users to access medical files belonging to other users through manipulation of GET arguments containing document IDs. This issue has been fixed in 6.09.01.62 version of ADMX...
Online Shopping Portal Insecure Direct Object Reference Vulnerability
Online Shopping Portal is an online store. Online Shopping Portal suffers from an insecure direct object reference vulnerability, which stems from the order tracking functionality not properly implementing an access control mechanism that directly references data sent from the client as an object...
CVE-2025-64065
The Primakon Pi Portal 1.0.18 API /api/V2/pp_udfv_admin endpoint fails to perform necessary server-side validation. The administrative LoginAs or user impersonation feature is vulnerable to an access control failure. This flaw allows any authenticated low-privileged user to execute a direct PATCH...
PT-2025-48073
The Primakon Pi Portal 1.0.18 API /api/V2/pp_udfv_admin endpoint fails to perform necessary server-side validation. The administrative LoginAs or user impersonation feature is vulnerable to an access control failure. This flaw allows any authenticated low-privileged user to execute a direct PATCH...
CVE-2025-64065
Primakon Pi Portal 1.0.18 exposes /api/V2/pp_udfv_admin to authenticated, low-privilege users via an access control flaw (Broken Function Level Authorization) and insecure design, enabling direct PATCH-based impersonation of arbitrary users, including Administrators, without password or admin tok...
CVE-2025-60914
Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /displaylogo endpoint...
EUVD-2019-6722
Malware in sbrugna...
EUVD-2021-22758
Malware in sbrugna...
EUVD-2019-16807
Malware in sbrugna...
EUVD-2021-9988
Malicious code in bioql PyPI...
Mattermost boards plugin fails to restrict download access to files
Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls, which allows any authenticated user to download sensitive files via the board file download endpoint using UUID enumeration...
CVE-2025-49810
Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access, which allows a user to read a thread via AI posts...
CVE-2025-49810 Thread summarization allows persistent access to channel
Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access, which allows a user to read a thread via AI posts...