CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

148 matches found

EUVD-2026-33417

StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...

2CVSS5.9AI score0.00008EPSS

Exploits0References1

CNNVD•added 2026/05/21 12:0 a.m.•2 views

WordPress plugin Divi Form Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.8CVSS5.8AI score0.00037EPSS

Exploits4References1

OSV•added 2026/04/16 11:35 p.m.•2 views

BIT-AUTHENTIK-2022-46145 authentik vulnerable to unauthorized user creation and potential account takeover

authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified...

9.8CVSS7.3AI score0.01969EPSS

Exploits0References4

Wolfi•added 2026/04/11 2:51 a.m.•6 views

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: goreleaser, kubernetes-csi-driver-hostpath, newrelic-infrastructure-agent, configmap-reload, conjur-cli, litefs, mods, docker-cli-buildx, azure-service-operator, argo-workflows, aws-flb-cloudwatch, croc, ipfs-cluster, kapp, rancher, cosign, authservice, task,...

7.5CVSS7.1AI score0.00022EPSS

Exploits0

RedhatCVE•added 2026/04/02 10:54 p.m.•3 views

CVE-2026-34528

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin. The Execu...

9.8CVSS6.1AI score0.00085EPSS

Exploits1References1

Snyk•added 2026/03/31 11:44 p.m.•3 views

Incorrect Privilege Assignment

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the signupHandler in File Browser. An attacker can gain unauthorized command execution capabilities by self-registering when server-side...

9.8CVSS6AI score0.00085EPSS

Exploits1References2

Cvelist•added 2026/03/19 10:48 p.m.•19 views

CVE-2026-29100 SuiteCRM has Reflected HTML Injection in Login Page via default_user_name Parameter

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. SuiteCRM 7.15.0 contains a reflected HTML injection vulnerability in the login page that allows attackers to inject arbitrary HTML content, enabling phishing attacks and page defacement. Versio...

7.1CVSS0.00043EPSS

Exploits0References1

OSV•added 2026/03/19 10:48 p.m.•2 views

CVE-2026-29100 SuiteCRM has Reflected HTML Injection in Login Page via default_user_name Parameter

7.1CVSS6AI score0.00043EPSS

Exploits0References3

RedhatCVE•added 2026/01/14 11:19 p.m.•1 views

CVE-2022-50927

Cyclades Serial Console Server 3.3.0 contains a local privilege escalation vulnerability due to overly permissive sudo privileges for the admin user and admin group. Attackers can exploit the default user configuration to gain root access by manipulating system binaries and leveraging unrestricte...

8.5CVSS7.1AI score0.00021EPSS

Exploits0References1

NVD•added 2026/01/13 11:15 p.m.•2 views

CVE-2022-50927

8.5CVSS0.00021EPSS

Exploits0References3

Positive Technologies•added 2025/12/24 12:0 a.m.•1 views

PT-2025-53363

Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root...

8.8CVSS7.3AI score0.00161EPSS

Exploits2References4

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-11072

Malware in sbrugna...

6.5CVSS6.5AI score0.0019EPSS

Exploits2References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-1049

Malware in sbrugna...

7.5CVSS7.8AI score0.01278EPSS

Exploits0References4