CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

686 matches found

CVE-2026-41125

A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M10 All versions, blueplanet 125 TL3 All versions, blueplanet...

6CVSS7.1AI score0.00025EPSS

Exploits0References1

EUVD•added 2026/05/12 12:32 p.m.•4 views

EUVD-2026-29433

A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M11 All versions, blueplanet 125 TL3 All versions, blueplanet...

6CVSS5.8AI score0.00025EPSS

Exploits0References2

NVD•added 2026/05/12 10:16 a.m.•5 views

CVE-2026-41125

6CVSS0.00025EPSS

Exploits0References1

Cvelist•added 2026/05/12 8:21 a.m.•29 views

CVE-2026-41125

6CVSS0.00025EPSS

Exploits0References1

ATTACKERKB•added 2026/05/12 8:21 a.m.•2 views

CVE-2026-41125

6CVSS7.2AI score0.00025EPSS

Exploits0References2

CVE•added 2026/05/12 8:21 a.m.•5 views

CVE-2026-41125

Technical details are not publicly available in the provided documents; monitor for updates.

6CVSS7.2AI score0.00025EPSS

Exploits0References1

Vulnrichment•added 2026/05/12 8:21 a.m.•7 views

CVE-2026-41125

6CVSS7.2AI score0.00025EPSS

Exploits0References1

Positive Technologies•added 2026/05/12 12:0 a.m.•6 views

PT-2026-39990

A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M11 All versions, blueplanet 125 TL3 All versions, blueplanet...

6CVSS5.8AI score0.00025EPSS

Exploits0References2

CVE•added 2026/05/04 5:30 p.m.•5 views

CVE-2026-42092

CVE-2026-42092 affects titra (open source time tracking) in version 0.99.52. The globalsettings Meteor publication returns all global settings without admin/role checks, allowing any authenticated user to subscribe via DDP and retrieve sensitive fields such as google_secret, openai_apikey, and go...

6.5CVSS5.8AI score0.00034EPSS

Exploits0References1

Cvelist•added 2026/05/04 5:30 p.m.•29 views

CVE-2026-42092 Global Settings Publication Exposes Sensitive Configuration to Any Authenticated User in Titra

titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscribe via DDP and receive sensitive configuration fields such as googlesecret, openaiapikey, and...

6.5CVSS0.00034EPSS

Exploits0References1

CNNVD•added 2026/05/04 12:0 a.m.•5 views

titra 信息泄露漏洞

Titra is a time tracking project developed by Kromit. Version 0.99.52 of Titra contains an information leakage vulnerability. This vulnerability stems from the Meteor framework’s behavior, which returns all global settings without any checks for administrator or role permissions. As a result, any...

6.5CVSS5.8AI score0.00034EPSS

Exploits0References2

Positive Technologies•added 2026/05/04 12:0 a.m.•4 views

PT-2026-36884

Name of the Vulnerable Software and Affected Versions titra version 0.99.52 Description The globalsettings Meteor publication returns all global settings without performing administrative or role-based access checks. This allows any authenticated user to subscribe via DDP Distributed Data Protoco...

6.5CVSS5.8AI score0.00034EPSS

Exploits0References4

NVD•added 2026/04/29 12:16 p.m.•0 views

CVE-2026-2902

The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'frontendrewrite' function's 'WPMETEORNWPMETEOR' placeholder content in all versions up to, and including, 3.4.16 due to insufficient input sanitization and output escaping. Th...

6.1CVSS0.00109EPSS

Exploits0References5

ATTACKERKB•added 2026/04/29 11:17 a.m.•0 views

CVE-2026-2902

6.1CVSS5.5AI score0.00109EPSS

Exploits0References6

Cvelist•added 2026/04/29 11:17 a.m.•27 views

CVE-2026-2902 WP Meteor Website Speed Optimization Addon <= 3.4.16 - Unauthenticated Stored Cross-Site Scripting via Comment

6.1CVSS0.00109EPSS

Exploits0References5

EUVD•added 2026/04/29 11:17 a.m.•1 views

EUVD-2026-26209

6.1CVSS5.5AI score0.00109EPSS

Exploits0References5

Patchstack•added 2026/04/29 9:59 a.m.•3 views

WordPress WP Meteor Website Speed Optimization Addon plugin <= 3.4.16 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Meteor Page Speed Optimization Topping versions = 3.4.16...

6.1CVSS5.1AI score0.00109EPSS

Exploits0References1Affected Software1

NVD•added 2026/03/06 8:16 p.m.•2 views

CVE-2026-30847

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the notificationUsers publication in Wekan publishes user documents with no field filtering, causing the ReactiveCache.getUsers call to return all fields including highly sensitive data such as bcrypt password...

9.3CVSS0.0004EPSS

Exploits0References3

NVD•added 2026/02/08 2:15 a.m.•4 views

CVE-2026-2205

A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. Upgrading to version 8.21 is able to...

5.3CVSS0.00046EPSS

Exploits0References6

EUVD•added 2026/02/08 1:9 a.m.•3 views

EUVD-2026-5824

5.3CVSS4.7AI score0.00046EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by