CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1203 matches found

CVE-2026-11858

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated...

8.4CVSS

Exploits0References1

Nuclei•added 13 hours ago•21 views

W&B Weave Server - Remote Arbitrary File Leak

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin. id:...

8.8CVSS8.9AI score0.05015EPSS

Exploits0References3

NVD•added 5 days ago•8 views

CVE-2026-10715

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...

5.1CVSS0.00215EPSS

Exploits0References2

Cvelist•added 5 days ago•25 views

CVE-2026-10715 Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint

5.1CVSS0.00215EPSS

Exploits0References2

Vulnrichment•added 5 days ago•8 views

CVE-2026-10715 Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint

5.1CVSS5.5AI score0.00215EPSS

Exploits0References2

Positive Technologies•added 5 days ago•5 views

PT-2026-49069

Summary A low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link records belonging to any other user — including the administrator — by performing a legitimate DELETE on a file in their own directory whose...

7.2CVSS5.5AI score0.00029EPSS

Exploits0References5

RedhatCVE•added last week•6 views

CVE-2026-6444

A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges...

8.6CVSS5.4AI score0.00279EPSS

Exploits0References1

Cvelist•added 2026/06/10 5:16 p.m.•25 views

CVE-2026-20258 Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could store a malicious script in a classic...

7.1CVSS0.00174EPSS

Exploits0References1

Tenable Nessus•added 2026/06/10 12:0 a.m.•5 views

Splunk Enterprise 9.3.0 < 9.3.13, 9.4.0 < 9.4.12, 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0604)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0604 advisory. - In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13...

5.7CVSS5.4AI score0.00247EPSS

Exploits0References2

Tenable Nessus•added 2026/06/10 12:0 a.m.•4 views

Splunk Enterprise 9.3.0 < 9.3.13, 9.4.0 < 9.4.12, 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0602)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0602 advisory. - In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3,...

7.6CVSS5.6AI score0.00255EPSS

Exploits0References2

Positive Technologies•added 2026/06/10 12:0 a.m.•9 views

PT-2026-48497

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a classic dashboard that exfiltrate...

5.7CVSS5.4AI score0.00198EPSS

Exploits0References2

Positive Technologies•added 2026/06/10 12:0 a.m.•7 views

PT-2026-48496

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could cause data exfiltration through classic...

5.7CVSS5.4AI score0.00252EPSS

Exploits0References2

EUVD•added 2026/06/09 6:40 p.m.•6 views

EUVD-2026-35793

A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges...

8.6CVSS5.4AI score0.00279EPSS

Exploits0References1

Vulnrichment•added 2026/06/09 4:48 p.m.•6 views

CVE-2026-47970 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.5AI score0.00307EPSS

Exploits0References1

Veracode•added 2026/06/09 7:49 a.m.•7 views

Privilege Escalation

AWS Advanced JDBC Wrapper is vulnerable to Privilege Escalation. The vulnerability is due to an untrusted search path issue in the GlobalDatabasePlugin, where a low-privileged authenticated user can create a crafted function that is executed when another user connects through the affected wrapper...

8.6CVSS5.5AI score0.00305EPSS

Exploits0References4Affected Software1

NVD•added 2026/06/08 7:16 p.m.•8 views

CVE-2026-10786

Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request. This issue affects : Devolutions Server 2026.2.4.0 Devolutions Server...

6.5CVSS0.00148EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:47 p.m.•8 views

CVE-2026-9223

Missing authorization in the vault import feature in Devolutions Server 2026.1.16.0 and earlier allows a low-privileged authenticated user to create new vaults via a crafted import request...

4.3CVSS5.4AI score0.00152EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:39 p.m.•6 views

CVE-2026-34213

Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim...

5.4CVSS5.5AI score0.0017EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:37 p.m.•8 views

CVE-2026-3867

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

6CVSS5.4AI score0.0024EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:31 p.m.•8 views

CVE-2026-33570

PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions...

6.9CVSS5.4AI score0.00161EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by