CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added yesterday•3 views

CVE-2026-1163

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

4.1CVSS5.4AI score0.00015EPSS

RedhatCVE•added yesterday•2 views

CVE-2026-1815

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...

5.7CVSS5.4AI score0.00029EPSS

CVE•added yesterday•5 views

CVE-2026-46401

HAX CMS (PHP/Node.js backends) has an improper session termination vulnerability affecting versions prior to 26.0.0, where authentication tokens remain valid after logout. This allows attackers who obtain valid tokens to maintain persistent access to authenticated CMS functionality, bypassing log...

5.3CVSS5.5AI score

RedhatCVE•added yesterday•2 views

CVE-2026-40600

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allows authenticated users with access to one project to update or delete a SharePolicy record that belongs to a different project. The affect...

8.1CVSS5.4AI score0.00036EPSS

OSV•added 5 days ago•4 views

BIT-KIBANA-2026-33463 Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access

Operation on a Resource after Expiration or Termination CWE-672 in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticate...

OSV•added 5 days ago•3 views

BIT-ELK-2026-33463 Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access

RedhatCVE•added 2026/05/29 8:13 p.m.•5 views

CVE-2026-33463

NVD•added 2026/05/28 8:16 p.m.•5 views

CVE-2026-33463

5.3CVSS0.00068EPSS

CVE•added 2026/05/28 7:37 p.m.•9 views

CVE-2026-33463

The CVE-2026-33463 issue affects Kibana and is caused by a logic error in validating expiration timestamps, allowing time-bounded public file share tokens to remain usable after expiration and enabling an unauthenticated actor with the token to access content. Affected versions include Kibana 8.x...

Exploits0References1Affected Software1

EUVD•added 2026/05/28 7:37 p.m.•8 views

EUVD-2026-33011

ATTACKERKB•added 2026/05/28 7:37 p.m.•5 views

CVE-2026-33463

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/28 7:37 p.m.•5 views

CVE-2026-33463 Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access

Cvelist•added 2026/05/28 7:37 p.m.•24 views

CVE-2026-33463 Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access

5.3CVSS0.00068EPSS

Elastic•added 2026/05/28 7:24 p.m.•5 views

8.19.16, 9.3.5 Security Update (ESA-2026-33)

Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access Operation on a Resource after Expiration or Termination CWE-672 in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a...

5.3CVSS5.7AI score0.00068EPSS

Exploits0

Malwarebytes•added 2026/05/28 11:3 a.m.•11 views

Your Windows PC has a security deadline in June 2026

A Secure Boot certificate refresh is rolling out across supported Windows devices through Windows Update. In June 2026, the Secure Boot certificates that have shipped inside Windows since 2011 begin to expire, and Microsoft is replacing them with new 2023-dated certificates. The good news: If you...

5.7AI score

Exploits0

Snyk•added 2026/05/28 4:10 a.m.•2 views

Insufficient Session Expiration

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the startupTime reset during server restart when revokeRefreshToken=tr...

7.6CVSS5.4AI score0.00043EPSS

Positive Technologies•added 2026/05/28 12:0 a.m.•3 views

PT-2026-44490

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description A logic error in the validation of expiration timestamps allows a time-bounded access token to remain usable after its intended validity window has closed. This enables an unauthenticated acto...

Positive Technologies•added 2026/05/28 12:0 a.m.•6 views

Exploits0References4

PT-2026-44474

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentication. The endpoint is registered on the console listener and returns JSON containing license...

6.9CVSS5.8AI score0.00059EPSS