CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/04/23 6:16 p.m.•2 views

CVE-2026-41908

OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-proxy callers without operator.read scope to access protected assistant-media files and metadata. Attackers can bypass identity-bearing HTTP auth path scope validation to...

6.5CVSS0.00222EPSS

Exploits0References3

EUVD•added 2026/04/21 6:27 p.m.•4 views

EUVD-2026-24037

OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation...

2CVSS5.7AI score0.0022EPSS

Exploits0References5

The Hacker News•added 2026/04/21 11:30 a.m.•6 views

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn't changed: stolen credentials. Identity-based attacks remain a dominant...

5.6AI score

ATTACKERKB•added 2026/04/21 12:47 a.m.•0 views

CVE-2026-40264

OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3...

2CVSS5.8AI score0.0022EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/04/21 12:0 a.m.•3 views

PT-2026-33885

Name of the Vulnerable Software and Affected Versions OpenBao versions prior to 2.5.3 Description OpenBao is an open source identity-based secrets management system that utilizes namespaces for multi-tenant separation. A flaw exists where a tenant that leaks token accessors may have their token...

2.7CVSS5.2AI score0.0022EPSS

Exploits0References19

Microsoft Secure•added 2026/04/17 2:51 p.m.•4 views

Containing a domain compromise: How predictive shielding shut down lateral movement

In this article 1. Predictive shielding overview 2. Attack chain overview 3. How predictive shielding changed the outcome 4. MITRE ATT&CK® techniques observed 5. Learn more In identity-based attack campaigns, any initial access activity can turn an already serious intrusion into a critical incide...

6AI score

NVD•added 2026/04/17 9:16 a.m.•1 views

CVE-2025-15624

Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext...

9.3CVSS0.0038EPSS

CVE•added 2026/03/27 2:10 p.m.•24 views

CVE-2026-33757

OpenBao (before 2.5.2) is vulnerable to a login flow issue when using JWT/OIDC with a role whose callback_mode is direct: no user confirmation is prompted, enabling remote phishing by auto-logging in to the attacker’s session. Version 2.5.2 adds a confirmation screen for direct logins to require ...

9.6CVSS5.9AI score0.0037EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2026/03/26 3:4 p.m.•2 views

CVE-2026-3020

Identity based authorization bypass vulnerability IDOR that allows an attacker to modify the data of a legitimate user account, such as changing the victim's email address, validating the new email address, and requesting a new password. This could allow them to take complete control of other...

The Hacker News•added 2026/03/20 10:0 a.m.•4 views

The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks

Artificial Intelligence AI is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional...

5.8AI score

NVD•added 2026/03/16 2:19 p.m.•3 views

CVE-2026-3020

8.6CVSS0.0024EPSS

Vulnrichment•added 2026/03/16 10:9 a.m.•1 views

CVE-2026-3020 Identity based authorization bypass vulnerability (IDOR) in the Wakyma application web

ATTACKERKB•added 2026/03/16 10:9 a.m.•2 views

CVE-2026-3020

Cvelist•added 2026/03/16 10:9 a.m.•29 views

Exploits0References2

CVE-2026-3020 Identity based authorization bypass vulnerability (IDOR) in the Wakyma application web

8.6CVSS0.0024EPSS

CVE•added 2026/03/16 10:9 a.m.•12 views

CVE-2026-3020

CVE-2026-3020 describes an Identity based authorization bypass (IDOR) in the Wakyma application web. The flaw allows an attacker to modify data on a legitimate user account (e.g., changing the victim’s email, validating a new email, requesting a password) which could enable taking control of othe...

CNNVD•added 2026/03/16 12:0 a.m.•5 views

Wakyma 安全漏洞

Wakyma is a pet management app developed by the Spanish company Wakyma. There is a security vulnerability in Wakyma, which stems from an exploit of identity-based authorization. This vulnerability could allow attackers to modify data in legitimate user accounts and gain full control over other...