CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3890 matches found

ZenML ZenML Server - Improper Authentication

ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/usernameorid/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. id: CVE-2024-25723 info:...

8.8CVSS7.7AI score0.89644EPSS

Exploits1References5

RedhatCVE•added yesterday•8 views

CVE-2026-6274

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...

9.8CVSS5.5AI score0.0005EPSS

Exploits0References1

Nuclei•added yesterday•28 views

CirCarLife <4.3 - Improper Authentication

CirCarLife before 4.3 is susceptible to improper authentication. A system software information disclosure exists due to lack of authentication for /html/device-id. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16671 info: name:...

5.3CVSS6.4AI score0.42489EPSS

Exploits5References5

Nuclei•added yesterday•21 views

CirCarLife <4.3 - Improper Authentication

CirCarLife before 4.3 is susceptible to improper authentication. An internal installation path disclosure exists due to the lack of authentication for /html/repository.System. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16668 inf...

5.3CVSS7AI score0.52182EPSS

Exploits5References5

Nuclei•added yesterday•12 views

Profile Builder < 3.4.9 - Improper Authentication

The Profile Builder plugin before 3.4.9 for WordPress allows unauthenticated attackers to gain administrative access by exploiting an improper authentication vulnerability in the password reset functionality. An attacker can reset the password of any user, including administrators, without proper...

10CVSS7.7AI score0.75594EPSS

Exploits2References2

RedhatCVE•added 2 days ago•5 views

CVE-2026-31387

Improper Authentication vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.3CVSS5.4AI score0.00139EPSS

Exploits0References1

RedhatCVE•added 2 days ago•5 views

CVE-2026-10619

A vulnerability was detected in sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800. This impacts an unknown function. The manipulation results in improper authentication. The attack can be executed remotely. The exploit is now public and may be used. This product...

7.5CVSS6.9AI score0.00093EPSS

Exploits0References1

RedhatCVE•added 2 days ago•6 views

CVE-2026-6635

A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function toolcall of the file apps/experimental/toolswebhook/app.py of the component toolswebhook. Such manipulation of the argument X-Tools-JWE leads to improper authentication. The attack may be...

7.5CVSS6.7AI score0.00033EPSS

Exploits0References1

RedhatCVE•added 2 days ago•5 views

CVE-2026-2812

ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful exploitation may result in disruption of the web-based browsing interface. This...

5.3CVSS5.5AI score0.00097EPSS

Exploits0References1

NVD•added 2 days ago•8 views

CVE-2026-11345

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...

6.9CVSS0.00073EPSS

Exploits0References1

Cvelist•added 2 days ago•35 views

CVE-2026-11345 Improper Authentication Bypass in linqi CDN File Access

6.9CVSS0.00073EPSS

Exploits0References1

Vulnrichment•added 2 days ago•6 views

CVE-2026-11345 Improper Authentication Bypass in linqi CDN File Access

6.9CVSS5.5AI score0.00073EPSS

Exploits0References1

EUVD•added 2 days ago•6 views

EUVD-2026-34824

6.9CVSS5.5AI score0.00073EPSS

Exploits0References1

NVD•added 2 days ago•6 views

CVE-2026-6274

9.8CVSS0.0005EPSS

Exploits0References1

EUVD•added 2 days ago•6 views

EUVD-2026-34793

9.8CVSS5.5AI score0.0005EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•5 views

CVE-2026-6274

9.8CVSS5.5AI score0.0005EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2 days ago•6 views

CVE-2026-6274 Authentication Bypass in DTS Electronics' Redline WR3200

9.8CVSS5.5AI score0.0005EPSS

Exploits0References1

Nuclei•added 2 days ago•47 views

ColumbiaSoft DocumentLocator - Improper Authentication

Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by...

9.8CVSS7.5AI score0.9107EPSS

Exploits0References4

Positive Technologies•added 2 days ago•8 views

PT-2026-46931

6.9CVSS5.5AI score0.00073EPSS

Exploits0References2

EUVD•added 3 days ago•7 views

EUVD-2026-34186

A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php of the component Administrative Backend. Such manipulation leads to improper authentication. The...

7.5CVSS5.4AI score0.00098EPSS

Exploits0References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by