Lucene search

158 matches found

ATTACKERKB
added 2026/05/25 2:15 p.m. | 9 views

CVE-2018-25379

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive informati...

CVSS 8.8 | AI score 5.9 | EPSS 0.0039
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/05/25 12:00 a.m. | 11 views

PT-2026-43231

Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive informati...

CVSS 8.8 | AI score 5.9 | EPSS 0.0039
Exploits: 0 | References: 4
Positive Technologies
added 2026/05/21 12:00 a.m. | 8 views

PT-2026-42526

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false and not setting CURLOPT_SSL_VERIFYHOST when issuing outbound HTTPS requests during the login/authentication flow. An attacker...

CVSS 8.2 | AI score 5.9 | EPSS 0.00205
Exploits: 0 | References: 4
CNNVD
added 2026/05/04 12:00 a.m. | 7 views

TOTOLINK WA300 Buffer Error Vulnerability

TOTOLINK WA300 is a wireless access point produced by TOTOLINK, a Chinese company. The TOTOLINK WA300 5.2cu.7112B20190227 version contains a buffer overflow vulnerability. This vulnerability stems from the operation of the loginauth function in the POST Request Handler component’s file...

CVSS 10 | AI score 7.6 | EPSS 0.00619
Exploits: 0 | References: 2
Snyk
added 2026/04/18 3:34 p.m. | 4 views

Cross-site Request Forgery (CSRF)

Overview: apache-airflow-providers-keycloak is a Provider package apache-airflow-providers-keycloak for Apache Airflow. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the login authentication process due to missing generation and validation of the OAuth 2.0...

CVSS 5.4 | AI score 5.8 | EPSS 0.00328
Exploits: 0 | References: 2
ATTACKERKB
added 2026/04/09 12:00 a.m. | 1 view

CVE-2025-70810

Cross-Site Request Forgery vulnerability in phpBB phpBB3 v.3.3.15 allows a local attacker to execute arbitrary code via the login function and the authentication mechanism...

AI score 6.3 | EPSS 0.00246
Exploits: 1 | References: 4
CNNVD
added 2026/04/09 12:00 a.m. | 7 views

phpBB Security Vulnerability

phpBB is a set of web forum software developed by Ariefibis. Version phpBB 3.3.15 has a security vulnerability, which stems from cross-site request forgery in the login function and authentication mechanism. This vulnerability could allow for the execution of arbitrary code...

CVSS 8.8 | AI score 6 | EPSS 0.00246
Exploits: 1 | References: 4
CVE
added 2026/03/09 12:00 a.m. | 5 views

CVE-2025-70973

CVE-2025-70973 affects ScadaBR 1.12.4. The issue is a Session Fixation vulnerability where the application assigns a JSESSIONID to unauthenticated users and does not regenerate the session identifier after successful authentication, allowing a pre-login session to become authenticated after login...

CVSS 4.8 | AI score 5.8 | EPSS 0.002
Exploits: 1 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/03/06 5:40 p.m. | 5 views

CVE-2026-30833 Rocket.Chat: NoSQL injection in the EE ddp-streamer-service

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, a NoSQL injection vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows unauthenticated...

CVSS 6.9 | AI score 5.7 | EPSS 0.00268
Exploits: 0 | References: 1
NVD
added 2026/01/08 11:15 a.m. | 5 views

CVE-2025-66001

NeuVector supports login authentication through OpenID Connect. However, the TLS verification which verifies the remote server's authenticity and integrity for OpenID Connect is not enforced by default. As a result, this may expose the system to man-in-the-middle (MITM) attacks...

CVSS 8.8 | EPSS 0.00321
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/07 9:12 a.m. | 9 views

CVE-2025-1852

A vulnerability has been found in Totolink EX1800T 9.1.0cu.2112B20220316 and classified as critical. This vulnerability affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack can be initiated remotely. The...

CVSS 9.8 | AI score 7.4 | EPSS 0.00771
Exploits: 0 | References: 1
NVD
added 2025/12/15 9:15 p.m. | 3 views

CVE-2023-53873

SyncBreeze 15.2.24 contains a denial of service vulnerability in the login authentication mechanism that allows attackers to crash the service. Attackers can send an oversized password parameter with repeated 'password=' values to overwhelm the login endpoint and potentially disrupt service...

CVSS 8.7 | EPSS 0.00387
Exploits: 0 | References: 3
Positive Technologies
added 2025/12/15 12:00 a.m. | 3 views

PT-2025-51291

Name of the Vulnerable Software and Affected Versions: SyncBreeze version 15.2.24. Description: SyncBreeze version 15.2.24 is subject to a denial of service condition within its login authentication process. An attacker can disrupt service availability by sending an oversized password parameter to t...

CVSS 8.7 | AI score 6.8 | EPSS 0.00387
Exploits: 0 | References: 5
CNNVD
added 2025/12/15 12:00 a.m. | 2 views

Flexense SyncBreeze Resource Management Error Vulnerability

Flexense SyncBreeze is a file synchronization and backup tool from Flexense. A resource management error vulnerability exists in Flexense SyncBreeze version 15.2.24, which stems from a denial-of-service vulnerability in the login authentication mechanism that could cause the service to crash...

CVSS 8.7 | AI score 6.9 | EPSS 0.00387
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 9 views

EUVD-2006-5963

Malware in sbrugna...

CVSS 10 | AI score 6.4 | EPSS 0.02524
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-8055

Malware in sbrugna...

CVSS 9.8 | AI score 9.4 | EPSS 0.0172
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2006-0143

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.0227
Exploits: 1 | References: 11
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2005-4558

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.01438
Exploits: 1 | References: 8
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2006-1684

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.01248
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-6166

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.01719
Exploits: 0 | References: 3