Client-Side Enforcement of Server-Side Security
Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Client-Side Enforcement of Server-Side Security through the processAction registration flow in the WebAuthn...
EUVD-2026-25048
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...
openSUSE 16 Security Update : strongswan (openSUSE-SU-2026:20547-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20547-1 advisory. Update to strongswan 6.0.4: - CVE-2025-9615: NetworkManager File Access bsc1257359. - CVE-2026-25075: Integer Underflow When Handling EAP-TTLS A...
PT-2026-28075
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth,...
CVE-2026-4404 Use of hard coded credentials in GoHarbor Harbor
Use of hard-coded credentials in GoHarbor Harbor version 2.15.0 and below allows attackers to use the default password and gain access to the web UI...
CVE-2019-11618
doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 accesstoken in a uri=blog=index=blog action to...
CVE-2019-20025
Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privileg...
EUVD-2017-1268
Malware in sbrugna...
EUVD-2011-5017
Malware in sbrugna...
EUVD-2008-2288
Malware in sbrugna...
EUVD-2007-2767
Malware in sbrugna...
EUVD-2019-5078
Malware in sbrugna...
EUVD-2017-6418
Malware in sbrugna...
EUVD-2013-1967
Malware in sbrugna...
EUVD-2019-5077
Malware in sbrugna...
EUVD-2022-15240
Malicious code in bioql PyPI...
EUVD-2025-27566
Malicious code in bioql PyPI...
EUVD-2023-27470
Malicious code in bioql PyPI...
EUVD-2024-32744
Malicious code in bioql PyPI...
EUVD-2023-54078
Malicious code in bioql PyPI...