CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

101 matches found

CNNVD•added 2026/05/18 12:0 a.m.•4 views

Mattermost 访问控制错误漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, as well as 11.4.3 and earlier 11.4.x series, have a access control vulnerability. This vulnerability stems from the failure to validat...

4.3CVSS5.8AI score0.00016EPSS

Exploits0References1

CVE•added 2026/04/08 12:28 p.m.•8 views

CVE-2026-24511

Technical details about CVE-2026-24511 are not publicly provided in the supplied documents. Monitor for updates from vendors and standard advisories.

4.4CVSS5.9AI score0.00007EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/04/08 12:28 p.m.•16 views

CVE-2026-24511

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, contains a generation of error message containing sensitive information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information...

4.4CVSS0.00007EPSS

Exploits0References1

Cvelist•added 2026/01/26 7:36 p.m.•18 views

CVE-2025-11065 Github.com/go-viper/mapstructure/v2: go-viper's mapstructure may leak sensitive information in logs in github.com/go-viper/mapstructure

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

5.3CVSS0.00009EPSS

Exploits0References4

Cvelist•added 2026/01/23 12:0 a.m.•17 views

CVE-2025-52023

A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...

0.00054EPSS

Exploits0References3

CNVD•added 2025/12/25 12:0 a.m.•1 views

ChurchCRM Information Disclosure Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from an information disclosure vulnerability that originates from the disclosure of database information in an error message, which can be exploited by an attacker to cause the disclosure of database information, including...

9.9CVSS5.9AI score0.00069EPSS

Exploits1References1

CNNVD•added 2025/12/12 12:0 a.m.•2 views

Japan Total System多款产品安全漏洞

Japan Total System GroupSession Free edition, among others, is an enterprise collaboration software from Japan Total System, a Japanese company. A security vulnerability exists in several Japan Total System products, which originates from unauthenticated WebSockets and may lead to the disclosure ...

6.9CVSS5.4AI score0.00016EPSS

Exploits0References2

Vulnrichment•added 2025/10/16 6:52 p.m.•3 views

CVE-2025-34254 D-Link Nuclias Connect <= v1.3.1.4 Login Account Enumeration

D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the responses differ in the...

6.9CVSS6.8AI score0.00041EPSS

Exploits0References3