CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

688 matches found

NVD•added 2026/06/17 1:20 p.m.•9 views

CVE-2026-48929

Rocket.Chat in versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, and 7.10.13 is vulnerable to unauthenticated file deletion. The deleteFileMessage Meteor method permanently deletes any uploaded file by ID without requiring authentication. When called via an unauthenticated DDP WebSocket...

7.5CVSS0.00641EPSS

Exploits0References2

RedhatCVE•added 2026/06/05 7:29 p.m.•8 views

CVE-2026-2902

The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'frontendrewrite' function's 'WPMETEORNWPMETEOR' placeholder content in all versions up to, and including, 3.4.16 due to insufficient input sanitization and output escaping. Th...

6.1CVSS5.7AI score0.00215EPSS

Exploits0References1

RedhatCVE•added 2026/05/29 2:12 p.m.•7 views

CVE-2026-41125

A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M10 All versions, blueplanet 125 TL3 All versions, blueplanet...

6CVSS7.1AI score0.00155EPSS

Exploits0References1

EUVD•added 2026/05/12 12:32 p.m.•7 views

EUVD-2026-29433

A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M11 All versions, blueplanet 125 TL3 All versions, blueplanet...

6CVSS5.8AI score0.00155EPSS

Exploits0References2

NVD•added 2026/05/12 10:16 a.m.•8 views

CVE-2026-41125

6CVSS0.00155EPSS

Exploits0References1

CVE•added 2026/05/12 8:21 a.m.•16 views

CVE-2026-41125

Technical details are not publicly available in the provided documents; monitor for updates.

6CVSS7.2AI score0.00155EPSS

Exploits0References1

Vulnrichment•added 2026/05/12 8:21 a.m.•10 views

CVE-2026-41125

6CVSS7.2AI score0.00155EPSS

Exploits0References1

Cvelist•added 2026/05/12 8:21 a.m.•35 views

CVE-2026-41125

6CVSS0.00155EPSS

Exploits0References1

ATTACKERKB•added 2026/05/12 8:21 a.m.•6 views

CVE-2026-41125

6CVSS7.2AI score0.00155EPSS

Exploits0References2

Positive Technologies•added 2026/05/12 12:0 a.m.•9 views

PT-2026-39990

A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M11 All versions, blueplanet 125 TL3 All versions, blueplanet...

6CVSS5.8AI score0.00155EPSS

Exploits0References2

Cvelist•added 2026/05/04 5:30 p.m.•31 views

CVE-2026-42092 Global Settings Publication Exposes Sensitive Configuration to Any Authenticated User in Titra

titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscribe via DDP and receive sensitive configuration fields such as googlesecret, openaiapikey, and...

6.5CVSS0.00219EPSS

Exploits0References1

CVE•added 2026/05/04 5:30 p.m.•10 views

CVE-2026-42092

CVE-2026-42092 affects titra (open source time tracking) in version 0.99.52. The globalsettings Meteor publication returns all global settings without admin/role checks, allowing any authenticated user to subscribe via DDP and retrieve sensitive fields such as google_secret, openai_apikey, and go...

6.5CVSS5.8AI score0.00219EPSS

Exploits0References1

CNNVD•added 2026/05/04 12:0 a.m.•9 views

titra 信息泄露漏洞

Titra is a time tracking project developed by Kromit. Version 0.99.52 of Titra contains an information leakage vulnerability. This vulnerability stems from the Meteor framework’s behavior, which returns all global settings without any checks for administrator or role permissions. As a result, any...

6.5CVSS5.8AI score0.00219EPSS

Exploits0References2

Positive Technologies•added 2026/05/04 12:0 a.m.•7 views

PT-2026-36884

Name of the Vulnerable Software and Affected Versions titra version 0.99.52 Description The globalsettings Meteor publication returns all global settings without performing administrative or role-based access checks. This allows any authenticated user to subscribe via DDP Distributed Data Protoco...

6.5CVSS5.8AI score0.00219EPSS

Exploits0References4

NVD•added 2026/04/29 12:16 p.m.•3 views

CVE-2026-2902

6.1CVSS0.00215EPSS

Exploits0References5

ATTACKERKB•added 2026/04/29 11:17 a.m.•2 views

CVE-2026-2902

6.1CVSS5.5AI score0.00215EPSS

Exploits0References6

EUVD•added 2026/04/29 11:17 a.m.•6 views

EUVD-2026-26209

6.1CVSS5.5AI score0.00215EPSS

Exploits0References5

Cvelist•added 2026/04/29 11:17 a.m.•31 views

CVE-2026-2902 WP Meteor Website Speed Optimization Addon <= 3.4.16 - Unauthenticated Stored Cross-Site Scripting via Comment

6.1CVSS0.00215EPSS

Exploits0References5

Patchstack•added 2026/04/29 9:59 a.m.•4 views

WordPress WP Meteor Website Speed Optimization Addon plugin <= 3.4.16 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Meteor Page Speed Optimization Topping versions = 3.4.16...

6.1CVSS5.1AI score0.00215EPSS

Exploits0References1Affected Software1

NVD•added 2026/03/06 8:16 p.m.•5 views

CVE-2026-30847

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the notificationUsers publication in Wekan publishes user documents with no field filtering, causing the ReactiveCache.getUsers call to return all fields including highly sensitive data such as bcrypt password...

9.3CVSS0.00235EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by