CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/05 12:0 a.m.•3 views

CVE-2026-34408

5.9AI score0.00039EPSS

CVE•added 2026/05/05 12:0 a.m.•3 views

CVE-2026-34408

CVE-2026-34408 affects Gambio 4.9.2.0. The issue is that the password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the user ID is known. Root cause: insecure password reset flow leading to unauthorized password changes. A patch was released in 2024-02 v1.0.0...

9.1CVSS5.9AI score0.00039EPSS

Positive Technologies•added 2026/05/05 12:0 a.m.•2 views

PT-2026-37042

Name of the Vulnerable Software and Affected Versions Gambio versions 4.0.0.0 through 4.9.2.0 Description A flaw in the password reset function allows an attacker to bypass security checks and set arbitrary passwords for any account, provided the account ID is known. Recommendations Apply the...

9.1CVSS5.9AI score0.00039EPSS

Exploits0References6

Cvelist•added 2026/05/05 12:0 a.m.•31 views

CVE-2026-34408

0.00039EPSS

ATTACKERKB•added 2026/05/05 12:0 a.m.•1 views

CVE-2026-34408

5.9AI score0.00039EPSS

Exploits0References3

CNNVD•added 2026/05/05 12:0 a.m.•4 views

Gambio 安全漏洞

Gambio is an integrated e-commerce solution developed by the Gambio company. Version Gambio 4.9.2.0 contains a security vulnerability. This vulnerability arises from the possibility of bypassing the password reset function; as long as the ID is known, any password for any account can be set...

9.1CVSS5.8AI score0.00039EPSS

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-3384

Malware in sbrugna...

4.8CVSS5.2AI score0.00235EPSS

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-3383

Malware in sbrugna...

8.8CVSS8.6AI score0.00141EPSS

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-3382

Malware in sbrugna...

4.9CVSS5.3AI score0.00275EPSS

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-3381

Malware in sbrugna...

4.9CVSS5.3AI score0.00275EPSS

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2010-4918

Malware in sbrugna...

7.5CVSS6.4AI score0.00389EPSS

Exploits1References5

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-21215

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00035EPSS

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-21216

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00094EPSS

RedhatCVE•added 2025/05/23 9:43 a.m.•7 views

CVE-2024-23761

Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template...

9.8CVSS7.7AI score0.00093EPSS

RedhatCVE•added 2025/05/23 9:43 a.m.•7 views

CVE-2024-23763

SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiersattribute parameter...

9.8CVSS8.3AI score0.00094EPSS

RedhatCVE•added 2025/05/23 9:42 a.m.•3 views

CVE-2024-23760

Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot...

2.7CVSS6.4AI score0.00059EPSS

RedhatCVE•added 2025/05/23 9:42 a.m.•13 views

CVE-2024-23759

Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function...

9.8CVSS9.5AI score0.67111EPSS

Exploits4References1

RedhatCVE•added 2025/05/23 9:42 a.m.•4 views

CVE-2024-23762

Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file...

7.8CVSS8AI score0.00035EPSS