CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

vulnersOsv•added 2026/05/19 12:0 a.m.•8 views

@glorysoft/mcs_tool (>=0.0.25 <=0.0.28), @ithinkdt/lowcode (>=4.0.0 <=4.0.4) +13 more potentially affected by unknown CVE via @antv/x6 (=3.1.7)

@antv/x6 NPM version =3.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/x6 and may be impacted: - @glorysoft/mcstool =0.0.25, =4.0.0, =2.0.0, =0.7.0, =0.7.0, =0.14.0, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =1.0.0, =1.0.0, =1.0.4 Source cves: unknown...

5.8AI score

Exploits0

vulnersOsv•added 2026/05/19 12:0 a.m.•7 views

@ithinkdt/lowcode (>=4.0.0 <=4.0.4), @nywqs/scada-engine (>=2.0.0 <=2.0.3) +2 more potentially affected by unknown CVE via @antv/x6-vue-shape (=3.0.2)

@antv/x6-vue-shape NPM version =3.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/x6-vue-shape and may be impacted: - @ithinkdt/lowcode =4.0.0, =2.0.0, =1.0.0, =1.0.54 - ems-desktop =1.0.8-202601151630 Source cves: unknown CVE Source advisory...

5.8AI score

Exploits0

Vulnrichment•added 2026/05/12 9:57 a.m.•4 views

CVE-2026-8072 Insecure generation of SAT access credentials in Ingecon EMS Board

Insecure generation of credentials in the local SAT Technical Support access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an...

ATTACKERKB•added 2026/05/12 9:57 a.m.•2 views

CVE-2026-8072

Cvelist•added 2026/05/12 9:57 a.m.•31 views

Exploits0References3

CVE-2026-8072 Insecure generation of SAT access credentials in Ingecon EMS Board

9.2CVSS0.00023EPSS

CVE•added 2026/05/12 9:57 a.m.•11 views

CVE-2026-8072

CVE-2026-8072 affects the Ingecon Sun EMS Board, via insecure generation of local SAT (Technical Support) access credentials. The root cause is a weak cryptographic scheme used to derive secret credentials, enabling privilege escalation. The CVSS vector indicates Network access, high attack compl...

CNNVD•added 2026/05/12 12:0 a.m.•6 views

Ingeteam Ingecon Sun EMS Board 加密问题漏洞

The Ingeteam Ingecon Sun EMS Board is a control and communication expansion card developed by Ingeteam for photovoltaic power generation and energy management scenarios. The Ingeteam Ingecon Sun EMS Board has encryption-related vulnerabilities. These vulnerabilities stem from insecure credential...

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Exploits0References1

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: can: sja1000: fixed the use of “free” after memory allocation in emspcmciaaddcard. If the last channel is not available, then “dev” is freed. Fortunately, we can simply use “pdev-irq” instead. Additionally, we should check whethe...

7.8CVSS5.8AI score0.00018EPSS

GithubExploit•added 2026/04/19 9:46 a.m.•120 views

Exploit for Improper Access Control in Fortinet Forticlientems

CVE-2026-35616 — FortiClient EMS Pre-Auth Bypass Proof of Con...

9.8CVSS5.8AI score0.34753EPSS

The Hacker News•added 2026/04/14 5:39 a.m.•4 views

CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2026-21643 CVSS score: 9.1 - An SQL injection...

9.8CVSS7.4AI score0.7621EPSS

Exploits5

EUVD•added 2026/04/13 9:31 a.m.•0 views

EUVD-2026-21883

The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. Attackers can reset the...

7.1CVSS5.8AI score0.00039EPSS

ATTACKERKB•added 2026/04/13 6:31 a.m.•0 views

CVE-2026-40436

7.1CVSS5.8AI score0.00039EPSS

Cvelist•added 2026/04/13 6:31 a.m.•27 views

CVE-2026-40436 ZTE ZXEDM iEMS product has a password reset vulnerability

7.1CVSS0.00039EPSS

Exploits0References1

CISA KEV Catalog•added 2026/04/13 12:0 a.m.•8 views

Fortinet FortiClient EMS SQL Injection Vulnerability

Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

9.8CVSS7.7AI score0.62516EPSS

In wildExploits1

Positive Technologies•added 2026/04/13 12:0 a.m.•0 views

PT-2026-32281

7.1CVSS5.8AI score0.00039EPSS

Packet Storm News•added 2026/04/07 12:0 a.m.•5 views

FortiClient EMS 7.4.6 Vulnerability Assessment Tool

CVE-2026-35616 is a pre-authentication API bypass in FortiClient EMS 7.4.5 and 7.4.6 that allows remote, unauthenticated attackers to bypass certificate-based authentication through HTTP header spoofing. The Django application trusts user-controllable HTTP headers X-SSL-CLIENT-VERIFY,...

9.8CVSS6.1AI score0.34753EPSS

GithubExploit•added 2026/04/06 9:4 p.m.•137 views

Exploit for Improper Access Control in Fortinet Forticlientems

CVE-2026-35616 Vulnerability Assessment Tool Safely detect wh...

9.8CVSS6.2AI score0.34753EPSS

GithubExploit•added 2026/04/06 3:24 p.m.•140 views

Exploit for CVE-2026-35616

markdown CVE-2026-35616 - FortiClient EMS API Authentication B...

9.8CVSS6AI score0.34753EPSS