37 matches found

NVD
added 3 hours ago · 6 views

CVE-2026-49347

Quest Bot is an open-source Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...

CVSS 5.3
Exploits 0 · References 2
Cvelist
added 4 hours ago · 9 views

CVE-2026-49347 Quest Bot: Ticket creation has no per-user open-ticket limit or cooldown

Quest Bot is an open-source Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...

CVSS 5.3
Exploits 0 · References 2
CVE
added 4 hours ago · 9 views

CVE-2026-49347

Quest Bot is an open-source Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...

CVSS 5.3 · AI score 5.2
Exploits 0 · References 2
Positive Technologies
added 16 hours ago · 5 views

PT-2026-48862

Quest Bot is an open-source Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...

CVSS 5.3 · AI score 5.2
Exploits 0 · References 3
RedhatCVE
added 2026/03/28 4:56 a.m. · 2 views

CVE-2026-33935

MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...

CVSS 8.7 · AI score 5.9 · EPSS 0.00792
Exploits 1 · References 1
ATTACKERKB
added 2026/03/27 12:43 a.m. · 2 views

CVE-2026-33935

MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...

CVSS 8.7 · AI score 5.8 · EPSS 0.00792
Exploits 1 · References 6 · Affected Software 1
Packet Storm News
added 2026/03/10 12:0 a.m. · 1 views

Execution Is the New Attack Surface: Survivability-Aware Agentic Crypto Trading with OpenClaw-Style Local Executors

OpenClaw-style agent stacks turn language into privileged execution: LLM intents flow through tool interception, policy gates, and a local executor. In parallel, skill marketplaces such as skills.sh make capability acquisition as easy as installing skills and CLIs, creating a growing capability...

AI score 5.9
Exploits 0
RedhatCVE
added 2025/12/05 10:33 p.m. · 4 views

CVE-2025-66559

Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox.verifyBatches packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678 advanced the local tid to whatever...

CVSS 9.3 · AI score 6.6 · EPSS 0.0006
Exploits 0 · References 1
OSV
added 2025/12/04 10:23 p.m. · 4 views

CVE-2025-66559 Taiko Alethia Pacaya inbox verification pointer corruption

Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox.verifyBatches packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678 advanced the local tid to whatever...

CVSS 9.3 · AI score 6.5 · EPSS 0.0006
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-34992

Malicious code in bioql PyPI...

CVSS 6.3 · AI score 6.6 · EPSS 0.00392
Exploits 0 · References 3
RedhatCVE
added 2025/05/23 9:48 a.m. · 3 views

CVE-2024-34695

WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously reques...

CVSS 6.3 · AI score 6.7 · EPSS 0.00392
Exploits 0 · References 1
NVD
added 2024/05/14 3:39 p.m. · 5 views

CVE-2024-34695

WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously reques...

CVSS 6.3 · AI score 6.1 · EPSS 0.00392
Exploits 0 · References 3
CNNVD
added 2024/05/14 12:0 a.m. · 2 views

Karma security vulnerability

Karma is a simple tool that allows execution of JavaScript code in multiple real browsers. A security vulnerability exists in Karma versions prior to 0.17.4.1, which stems from the fact that sending multiple post requests at the same time will bypass the cooldown validation...

CVSS 6.3 · AI score 7 · EPSS 0.00392
Exploits 0 · References 5
Cvelist
added 2024/05/10 3:57 p.m. · 10 views

CVE-2024-34695 WOWS Karma vulnerable to a post submission bounce/timing attack

WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously reques...

CVSS 6.3 · AI score 6.3 · EPSS 0.00392
Exploits 0 · References 3
Vulnrichment
added 2024/05/10 3:57 p.m. · 9 views

CVE-2024-34695 WOWS Karma vulnerable to a post submission bounce/timing attack

WOWS Karma is a reputation system for Wargaming's World of Warships. A user is able to click multiple times on "create" on a post creation prompt before the modal closes, which triggers sending several post creation API requests at once. Due to timing, sending multiple posts simultaneously reques...

CVSS 6.3 · AI score 6.6 · EPSS 0.00392
Exploits 0 · References 3
CVE
added 2024/05/10 3:57 p.m. · 52 views

CVE-2024-34695

Affected software: WOWS Karma reputation system for World of Warships. Root cause / vector: A user can click the "create" button multiple times on the post-creation prompt before the modal closes, causing several API requests to be sent in parallel. This timing flaw allows bypassing the cooldown v...

CVSS 6.3 · AI score 6.1 · EPSS 0.00392
Exploits 0 · References 3
Positive Technologies
added 2024/05/10 12:0 a.m. · 2 views

PT-2024-26112 · Unknown · Wows Karma

Name of the Vulnerable Software and Affected Versions: WOWS Karma versions prior to 0.17.4.1 Description: The issue allows a user to bypass cooldown validation by sending multiple post creation API requests simultaneously. This is achieved by clicking the "create" button multiple times on a post...

CVSS 6.3 · AI score 7.2 · EPSS 0.00392
Exploits 0 · References 5
Code423n4
added 2023/12/21 12:0 a.m. · 9 views

Business Logic Vulnerability in dropTopVotedPiece Function

Lines of code Vulnerability details Potential Risk: The dropTopVotedPiece function in the CultureIndex contract allows the dropperAdmin to drop the top-voted piece. While the function checks if the caller is the dropperAdmin, there is a potential business logic vulnerability. The function only...

AI score 7.3
Exploits 0
Code423n4
added 2023/11/27 12:0 a.m. · 8 views

Upgraded Q -> 2 from #491 [1701115520323]

Judge has assessed an item in Issue 491 as 2 risk. The relevant finding follows: L-03 While StakedUSDeV2.cooldownDuration is changed from non-zero to zero, stakers should be able to call StakedUSDeV2.unstake to withdraw assets regardless of userCooldown.cooldownEnd File: While...

AI score 7
Exploits 0
Code423n4
added 2023/10/30 12:0 a.m. · 12 views

It is possible to prematurely unlock assets that should still be locked up by setting the cooldown duration to 0.

Lines of code Vulnerability details Impact It undermines the security of the cooldown period. Specifically: • Users who have assets locked up in the cooldown period could immediately withdraw them if the admin sets the duration to 0. This violates the intent of having a cooldown period to begin...

AI score 7
Exploits 0