CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

155 matches found

OSV•added 2026/03/11 7:23 p.m.•3 views

GHSA-GQC5-XV7M-GCJQ Shopware has user enumeration via distinct error codes on Store API login endpoint

Summary The Store API login endpoint POST /store-api/account/login returns different error codes depending on whether the submitted email address belongs to a registered customer CHECKOUTCUSTOMERAUTHBADCREDENTIALS or is unknown CHECKOUTCUSTOMERNOTFOUND. The "not found" response also echoes the...

5.3CVSS5.8AI score0.00055EPSS

Exploits0References3

Vulnrichment•added 2026/03/11 6:53 p.m.•0 views

CVE-2026-31888 Shopware has user enumeration via distinct error codes on Store API login endpoint

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint POST /store-api/account/login returns different error codes depending on whether the submitted email address belongs to a registered customer CHECKOUTCUSTOMERAUTHBADCREDENTIALS or is unknown...

5.3CVSS5.8AI score0.00055EPSS

Exploits0References1

ATTACKERKB•added 2026/03/11 6:53 p.m.•1 views

CVE-2026-31888

5.3CVSS5.8AI score0.00055EPSS

Exploits0References2Affected Software2

Cvelist•added 2026/03/11 6:53 p.m.•25 views

CVE-2026-31888 Shopware has user enumeration via distinct error codes on Store API login endpoint

5.3CVSS0.00055EPSS

Exploits0References1

OSV•added 2026/03/11 6:53 p.m.•1 views

CVE-2026-31888 Shopware has user enumeration via distinct error codes on Store API login endpoint

5.3CVSS5.8AI score0.00055EPSS

Exploits0References3

Positive Technologies•added 2026/03/11 12:0 a.m.•3 views

PT-2026-24794

5.3CVSS5.8AI score0.00055EPSS

Exploits0References4

Tenable Nessus•added 2026/01/20 12:0 a.m.•5 views

MiracleLinux 7 : firefox-91.4.0-1.0.1.el7.AXS7 (AXSA:2021-2597:33)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2597:33 advisory. Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 Mozilla: URL leakage when navigating while executing asynchronous function...

8.8CVSS8.1AI score0.00967EPSS

Exploits0References10

SUSE CVE•added 2026/01/06 12:23 a.m.•2 views

SUSE CVE-2025-68763

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Correctly handle return of sgnentsforlen The return value of sgnentsforlen was assigned to an unsigned long in starfivehashdigest, causing negative error codes to be converted to large positive integers. Add...

6.6CVSS6.8AI score0.00025EPSS

Exploits0References3

OSV•added 2026/01/05 10:15 a.m.•1 views

UBUNTU-CVE-2025-68763

5.8AI score0.00025EPSS

Exploits0References26

UbuntuCve•added 2026/01/05 10:15 a.m.•1 views

CVE-2025-68763

5.8AI score0.00025EPSS

Exploits0References25

Cvelist•added 2026/01/05 9:32 a.m.•19 views

CVE-2025-68763 crypto: starfive - Correctly handle return of sg_nents_for_len

0.00025EPSS

Exploits0References5

Positive Technologies•added 2026/01/05 12:0 a.m.•3 views

PT-2026-1251

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's crypto subsystem, specifically within the starfive implementation. The sg nents for len function's return value was incorrectly assigned to an unsigne...

4.6CVSS6.4AI score0.00025EPSS

Exploits0

OSV•added 2025/12/24 1:16 p.m.•6 views

AZL-73132 CVE-2025-68740 affecting package kernel for versions less than 6.6.121.1-1

In the Linux kernel, the following vulnerability has been resolved: ima: Handle error code returned by imafilterrulematch In imamatchrules, if imafilterrulematch returns -ENOENT due to the rule being NULL, the function incorrectly skips the 'if !rc' check and sets 'result = true'. The LSM rule is...

5.8AI score0.00058EPSS

Exploits0References1

OSV•added 2025/12/24 1:16 p.m.•0 views

UBUNTU-CVE-2025-68740

5.9AI score0.00058EPSS

Exploits0References35

ATTACKERKB•added 2025/12/24 12:9 p.m.•8 views

CVE-2025-68740

5.3AI score0.00058EPSS

Exploits0References9Affected Software1

OSV•added 2025/12/19 9:32 a.m.•3 views

CLSA-2025-1766136770 Fix CVE(s): CVE-2025-26465

SECURITY UPDATE: VerifyHostKeyDNS server impersonation - debian/patches/CVE-2025-26465.patch: Fix cases where error codes were not correctly set - CVE-2025-26465...

6.8CVSS7.1AI score0.61739EPSS

Exploits4References1

Tenable Nessus•added 2025/11/05 12:0 a.m.•1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988782)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988782 advisory. In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix flipped sign in tlserrabort calls sk-skerr appears to expect a positive value, a...

7.8CVSS5.9AI score0.00032EPSS

Exploits0References4

Tenable Nessus•added 2025/10/21 12:0 a.m.•2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987639)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987639 advisory. In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix flipped sign in tlserrabort calls sk-skerr appears to expect a positive value, a...

7.8CVSS5.9AI score0.00032EPSS

Exploits0References4

NVD•added 2025/10/18 8:15 a.m.•1 views

CVE-2025-10750

The PowerBI Embed Reports plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.2.0. This is due to missing capability checks and authentication verification on the 'testUser' endpoint accessible via the moepbradminobserver function hooked ...

5.3CVSS0.00127EPSS

Exploits0References5