CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

EUVD•added 2026/04/07 3:30 p.m.•3 views

EUVD-2026-19703

An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. This...

5.8CVSS5.8AI score0.00048EPSS

Exploits0References3

NVD•added 2026/04/07 3:17 p.m.•1 views

CVE-2026-5384

5.8CVSS0.00048EPSS

Exploits0References2

ATTACKERKB•added 2026/04/07 2:12 p.m.•0 views

CVE-2026-5384

5.8CVSS5.8AI score0.00048EPSS

Exploits0References3

Positive Technologies•added 2026/04/07 12:0 a.m.•1 views

PT-2026-30879

5.8CVSS5.8AI score0.00048EPSS

Exploits0References3

RedhatCVE•added 2026/01/08 3:14 a.m.•3 views

CVE-2025-14942

wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must...

9.4CVSS6.9AI score0.00065EPSS

Exploits0References1

Vulnrichment•added 2026/01/06 5:26 p.m.•3 views

CVE-2025-14942 Authentication Bypass

9.4CVSS6.5AI score0.00065EPSS

Exploits0References1

RedhatCVE•added 2025/10/31 10:7 p.m.•2 views

CVE-2024-13996

Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a result, any pre-existing sessions including those potentially controlled by an attacker remained valid after a credential update. This insufficient session...

9.8CVSS6.8AI score0.00184EPSS

Exploits0References1

EUVD•added 2025/10/31 12:30 a.m.•1 views

EUVD-2024-55047

9.2CVSS6.3AI score0.00184EPSS

Exploits0References4

OSV•added 2025/10/30 10:15 p.m.•1 views

CVE-2024-13996

9.8CVSS5.8AI score

Exploits0References3

NVD•added 2025/10/30 10:15 p.m.•5 views

CVE-2024-13996

9.8CVSS0.00184EPSS

Exploits0References3

CVE•added 2025/10/30 9:44 p.m.•11 views

CVE-2024-13996

CVE-2024-13996 affects Nagios XI prior to 2024R1.1.3. The issue is that changing a user password does not invalidate all other active sessions, allowing pre-existing sessions (potentially attacker-controlled) to remain valid and permit continued unauthorized access to user data and actions. Multi...

9.8CVSS6.5AI score0.00184EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2025/10/30 9:44 p.m.•6 views

CVE-2024-13996 Nagios XI < 2024R1.1.3 Session Not Invalidated After Password Change

9.2CVSS6.5AI score0.00184EPSS

Exploits0References3

OSV•added 2023/09/28 11:52 a.m.•5 views

SUSE-SU-2023:3885-1 Security update for SUSE Manager Server 4.3

This update fixes the following issues: release-notes-susemanager: - Update to SUSE Manager 4.3.8 Important Salt minion update SUSE Manager Pay-as-you-go PAYG Automated RHUI credential update Monitoring: Prometheus upgraded to 2.45.0 Monitoring: Apache exporter updated to version 1.0.0 Expose...

7.8CVSS6.8AI score0.00175EPSS

Exploits0References41

OSV•added 2017/05/18 2:29 p.m.•0 views

UBUNTU-CVE-2017-9064

In WordPress before 4.7.5, a Cross Site Request Forgery CSRF vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials...

8.8CVSS7.3AI score0.01257EPSS

Exploits0References5

CNVD•added 2015/06/23 12:0 a.m.•1 views

Multiple Vulnerabilities in Apple OS X Keychain/WebSocket/Sandbox ACLs

Apple Mac OS X is an operating system for Apple devices. Multiple vulnerabilities exist in the Apple OS X Keychain/WebSocket/Sandbox ACL. 1 A remote user can create an application that, when installed by the target user, can access the target application's keychain entries, delete the keychain...

6.8AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by