CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/01/26 2:49 p.m.•3 views

BIT-MOODLE-2025-3634 Moodle: moodle allows course self-enrolment before completing mfa

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...

4.3CVSS5.9AI score0.00219EPSS

OSV•added 2026/01/26 2:49 p.m.•4 views

BIT-MOODLE-2025-3627 Moodle: partial data exposure in moodle before completing multi-factor authentication

A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication 2FA...

4.3CVSS5.9AI score0.0029EPSS

OSV•added 2026/01/26 2:49 p.m.•4 views

BIT-MOODLE-2025-3625 Moodle: user dos and name disclosure via idor in moodle mfa email factor revoke action

A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication 2FA...

7.1CVSS5.9AI score0.00356EPSS

NVD•added 2026/01/26 10:16 a.m.•5 views

CVE-2025-59090

On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled...

9.3CVSS0.01039EPSS

CVE•added 2026/01/26 10:3 a.m.•14 views

CVE-2025-59090

CVE-2025-59090 affects dormakaba exos 9300 systems where an unauthenticated SOAP API is exposed on port 8002. The API is reachable without credentials, enabling an attacker with network access to create arbitrary access log events and query 2FA PINs linked to enrolled chip cards. CVSS metrics in ...

Vulnrichment•added 2026/01/26 10:3 a.m.•3 views

CVE-2025-59090 Unauthenticated SOAP API in dormakaba Kaba exos 9300

ATTACKERKB•added 2026/01/26 10:3 a.m.•1 views

CVE-2025-59090

Positive Technologies•added 2026/01/26 12:0 a.m.•6 views

PT-2026-4740

Name of the Vulnerable Software and Affected Versions exos 9300 server affected versions not specified Description A SOAP API is reachable on port 8002 on the exos 9300 server without requiring authentication. Network access to the server allows for actions such as creating arbitrary access log...

CNNVD•added 2026/01/26 12:0 a.m.•4 views

Exploits0References8

Dormakaba Exos 9300 security vulnerabilities

The Dormakaba Exos 9300 is an access control and security management system developed by the American company Dormakaba. The Dormakaba Exos 9300 has a security vulnerability. This vulnerability stems from the SOAP API, which requires no authentication, potentially allowing the creation of arbitra...

9.3CVSS7.4AI score0.01039EPSS

RedhatCVE•added 2026/01/23 3:21 p.m.•4 views

CVE-2026-0723

7.4CVSS5.9AI score0.00832EPSS

Exploits0References1

RedhatCVE•added 2026/01/23 6:19 a.m.•3 views

CVE-2026-24038

Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the OTP handling logic has a flawed equality check that can be bypassed. When an OTP expires, the server returns None, and if an attacker omits the otp field from their POST request, the user-supplied OTP i...

8.1CVSS5.5AI score0.00443EPSS

Exploits1References1

GithubExploit•added 2026/01/22 8:1 p.m.•168 views

Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security

CVE-2024-10924 / Auth Bypass 2FA to RCE Exploit - Author: J...

9.8CVSS5.9AI score0.81722EPSS

Exploits21

NVD•added 2026/01/22 3:16 p.m.•5 views

CVE-2026-0723

7.4CVSS0.00832EPSS

UbuntuCve•added 2026/01/22 3:16 p.m.•0 views

CVE-2026-0723

7.4CVSS6.1AI score0.00832EPSS