CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

76 matches found

CVE-2026-40908

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs,...

5.3CVSS5.4AI score0.00088EPSS

Exploits1References1

NVD•added 2026/05/28 10:16 a.m.•10 views

CVE-2026-46231

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: put backbone reference on failed claim hash insert When batadvblaaddclaim fails to insert a new claim into the hash, it leaked a reference to the backbonegw for which the claim was intended. Call...

5.5CVSS0.00013EPSS

Exploits0References8

NVD•added 2026/05/11 10:22 p.m.•7 views

CVE-2026-43875

WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/MobileManager/oauth2.php completes an OAuth login by sending an HTTP 302 Location: oauth2Success.php?user=&pass= where is the victim's stored password hash md5hash"whirlpool", sha1password read directly fro...

6.8CVSS0.0001EPSS

Exploits0References2

Vulnrichment•added 2026/05/11 8:32 p.m.•7 views

CVE-2026-43875 WWBN AVideo: Password Hash Leaked in MobileManager OAuth Redirect URL Enables Account Takeover

6.8CVSS5.8AI score0.0001EPSS

Exploits0References2

CNNVD•added 2026/05/07 12:0 a.m.•4 views

FreeScout 代码问题漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.217 contained code vulnerabilities. This vulnerability stemmed from the/user-setup/hash endpoint, which did not expire the...

9.1CVSS5.9AI score0.00043EPSS

Exploits0References2

Github Security Blog•added 2026/05/05 7:8 p.m.•8 views

AVideo: Password Hash Leak in MobileManager OAuth Redirect URL Enables Account Takeover

Summary plugin/MobileManager/oauth2.php completes an OAuth login by sending an HTTP 302 Location: oauth2Success.php?user=&pass= where is the victim's stored password hash md5hash"whirlpool", sha1password read directly from the users table. AVideo's own login endpoint objects/login.json.php accept...

6.8CVSS5.8AI score0.0001EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/05/05 12:0 a.m.•11 views

PT-2026-37291

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 29.0 Description An issue exists where the endpoint 'plugin/MobileManager/oauth2.php' completes an OAuth login by redirecting the user to 'oauth2Success.php' via an HTTP 302 response. This redirect includes the user's...

6.8CVSS5.9AI score0.0001EPSS

Exploits0References6

NVD•added 2026/04/09 4:16 p.m.•2 views

CVE-2025-15480

In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs...

9.1CVSS0.00057EPSS

Exploits0References2

Vulnrichment•added 2026/04/09 3:2 p.m.•2 views

CVE-2025-15480 Senstive information disclosure was affecting ubuntu-desktop-provision

6.9CVSS5.8AI score0.00057EPSS

Exploits0References2

CNNVD•added 2026/04/09 12:0 a.m.•4 views

Ubuntu Desktop Provision 安全漏洞

Ubuntu Desktop Provision is an open-source desktop configuration tool developed by Canonical. Version 24.04.4 of Ubuntu Desktop Provision contains a security vulnerability, which stems from improper handling of crash reports and could lead to password hash leaks...

9.1CVSS5.8AI score0.00057EPSS

Exploits0References3

OSV•added 2026/03/20 2:24 p.m.•2 views

OESA-2026-1660 git security update

Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and...

7.4CVSS5.8AI score0.00058EPSS

Exploits1References2

Packet Storm•added 2026/01/16 12:0 a.m.•157 views

📄 AVideo Notify.ffmpeg.json.php Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in the AVideos notify.ffmpeg.json.php endpoint. The vulnerability stems from a critical cryptographic weakness in the salt generation mechanism combined with information disclosure vulnerabilities that allow an...

9.3CVSS7.9AI score0.41084EPSS

Exploits2

Vulnrichment•added 2025/12/16 6:38 p.m.•9 views

CVE-2025-14553 Password Hash Leak Could Lead to Unauthorized Access on Tapo App via Local Network

Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged...

7CVSS6.2AI score0.00023EPSS

Exploits0References3

CVE•added 2025/12/16 6:38 p.m.•19 views

CVE-2025-14553

Summary: CVE-2025-14553 concerns TP-Link Tapo mobile apps (iOS/Android) exposing password hashes via an unauthenticated API response, enabling attackers on the local network to brute-force credentials. Multiple connected sources confirm: affected product scope includes TP-Link Tapo cameras; impac...

7CVSS6.2AI score0.00023EPSS

Exploits0References3