36 matches found
Budibase Security Vulnerability
Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.1 contained security vulnerabilities. These vulnerabilities stemmed from the POST...
Budibase Security Vulnerability
Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.39.0 contained security vulnerabilities. These vulnerabilities stemmed from the...
vCluster Platform Cross-Site Scripting Vulnerability
vCluster Platform is an open-source virtual cluster manager developed by vCluster. Versions prior to vCluster Platform 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored cross-site scripting in the name field of the...
CVE-2026-34389 Fleet's user account creation via invite does not enforce invited email address
Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token...
PT-2026-28630
Name of the Vulnerable Software and Affected Versions: Fleet versions prior to 4.81.0. Description: Fleet, an open source device management software, had a flaw in how user invitations were handled. Specifically, the email address entered when accepting an invitation wasn’t checked against the email...
CVE-2026-0873
On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allow an authenticated entity administrator with knowledge to elevate his account to global administrator...
CVE-2026-0873
On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allow an authenticated entity administrator with knowledge to elevate his account to global administrator...
CVE-2026-0873
On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allow an authenticated entity administrator with knowledge to elevate his account to global administrator...
CVE-2026-0873 Privilege Elevation in Ercom Cryptobox administration console
On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allow an authenticated entity administrator with knowledge to elevate his account to global administrator...
CVE-2026-0873
The issue concerns Ercom Cryptobox administration console on Cryptobox platforms using administrator segregation by entities. Affected component: the administration console; vulnerability type: privilege escalation where an authenticated entity administrator with sufficient knowledge can elevate ...
CVE-2026-0873 Privilege Elevation in Ercom Cryptobox administration console
On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allow an authenticated entity administrator with knowledge to elevate his account to global administrator...
EUVD-2026-5513
On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allow an authenticated entity administrator with knowledge to elevate his account to global administrator...
PT-2026-6025
Name of the Vulnerable Software and Affected Versions: Ercom Cryptobox (affected versions not specified). Description: The Ercom Cryptobox administration console contains flaws that permit an authenticated entity administrator, possessing sufficient knowledge, to escalate their privileges to global...
Ercom Cryptobox Security Vulnerability
Ercom Cryptobox is an encryption collaboration platform developed by the French company Ercom. There is a security vulnerability in Ercom Cryptobox, which stems from a flaw in the management console. This flaw may allow entity administrators to gain global administrator privileges...
EUVD-2025-204364
An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges via unauthorized requests. Attackers could potentially compromise global administrator accounts and invalidate security-sensitive macros by manipulating user privilege...
CVE-2020-36890
An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges via unauthorized requests. Attackers could potentially compromise global administrator accounts and invalidate security-sensitive macros by manipulating user privilege...
CVE-2020-36890
An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges via unauthorized requests. Attackers could potentially compromise global administrator accounts and invalidate security-sensitive macros by manipulating user privilege...
CVE-2020-36890 Kentico Xperience <= 10 Administrator Access Control Bypass
An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges via unauthorized requests. Attackers could potentially compromise global administrator accounts and invalidate security-sensitive macros by manipulating user privilege...
PT-2025-52298
Name of the Vulnerable Software and Affected Versions: Kentico Xperience (affected versions not specified). Description: An access control bypass exists in Kentico Xperience that allows modification of global administrator user privileges through unauthorized requests. Exploitation could lead to...
Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants
A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including Global Administrators, across any tenant. The vulnerability, tracked as CVE-2025-55241, has been assigned the maximum CVSS score of 10.0. It...