CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

91 matches found

CVE-2026-10029

The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.13.1 via the getevents. This makes it possible for unauthenticated attackers to extract sensitive data including...

5.3CVSS0.0031EPSS

Exploits0References12

EUVD•added 6 days ago•9 views

EUVD-2026-37841

5.3CVSS5.1AI score0.0031EPSS

Exploits0References12

Positive Technologies•added 6 days ago•10 views

PT-2026-50620

Name of the Vulnerable Software and Affected Versions Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress versions prior to 1.3.13.2 Description Sensitive information exposure occurs via the get events function. This allows unauthenticated attackers to extra...

5.3CVSS5.9AI score0.0031EPSS

Exploits0References14

Positive Technologies•added 2026/06/10 12:0 a.m.•11 views

PT-2026-48477

Affected: @hulumi/baseline 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-1059 Insufficient Technical Documentation / Behavioral Inconsistency Summary The S3 bucket that AccountFoundation creates to receive CloudTrail and AWS Config audit logs is meant to be tamper-resistant — if someone with...

7.1CVSS5.5AI score0.00041EPSS

Exploits0References4

OSV•added 2026/05/28 10:16 a.m.•6 views

UBUNTU-CVE-2026-46140

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: validate WMT event SKB length before struct access btmtkusbhciwmtsync casts the WMT event response SKB data to struct btmtkhciwmtevt 7 bytes and struct btmtkhciwmtevtfuncc 9 bytes without first checking that the...

5.7AI score0.00175EPSS

Exploits0References7

NVD•added 2026/05/26 5:16 p.m.•21 views

CVE-2026-47715

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requiring it to belong to the issue in the URL. This is a project-boundary authorization issue: a...

3.1CVSS0.00154EPSS

Exploits0References2

CNNVD•added 2026/05/26 12:0 a.m.•8 views

Bugsink 安全漏洞

Bugsink is an open-source, self-hosted bug tracking software developed by Bugsink. Versions of Bugsink prior to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the event pages did not require events to be issues within URLs, which could allow authenticat...

3.1CVSS5.8AI score0.00154EPSS

Exploits0References3

EUVD•added 2026/04/27 12:4 a.m.•3 views

EUVD-2026-25742

There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered...

5.1CVSS5.6AI score0.00177EPSS

Exploits0References2

Vulnrichment•added 2026/03/17 11:21 p.m.•1 views

CVE-2026-26004 Sentry allows unauthorized access to event data across organizational boundaries

Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference IDOR vulnerability in Sentry's GroupEventJsonView endpoint. Version 26.1.0 patches the issue...

7.1CVSS5.8AI score0.00241EPSS

Exploits1References3

OSV•added 2026/03/17 11:21 p.m.•3 views

CVE-2026-26004 Sentry allows unauthorized access to event data across organizational boundaries

7.1CVSS5.9AI score0.00241EPSS

Exploits1References5

CVE•added 2026/03/17 11:21 p.m.•30 views

CVE-2026-26004

CVE-2026-26004 (Sentry) : A cross-organization insecure direct object reference (IDOR) exists in Sentry’s GroupEventJsonView endpoint for versions prior to 26.1.0. This could allow unauthorized access to event data across organizational boundaries. The issue is mitigated by upgrading to version 2...

7.1CVSS5.8AI score0.00241EPSS

Exploits1References3Affected Software1

ATTACKERKB•added 2026/03/15 1:35 p.m.•2 views

CVE-2026-28521

arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vulnerability in the TuyaIoT component. An attacker who hijacks or controls the Tuya cloud service can issue malicious DP event data to victim devices, causing out-of-bounds memory access that may result in information...

7.7CVSS5.8AI score0.00212EPSS

Exploits0References4

RedhatCVE•added 2026/01/09 10:2 a.m.•7 views

CVE-2011-0756

The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port...

5CVSS6.8AI score0.01064EPSS

Exploits1References1

Positive Technologies•added 2025/12/24 12:0 a.m.•8 views

PT-2025-52906

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s coresight component, specifically within the tmc subsystem. The issue stems from a missing handle for events, which is crucial for retrieving auxiliar...

9.8CVSS6.3AI score0.00378EPSS

Exploits6References412

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2018-3335

Malware in sbrugna...

7.8CVSS7.7AI score0.00192EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2012-6215

Malware in sbrugna...

4.3CVSS6.4AI score0.01148EPSS

Exploits0References4