CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4843 matches found

Open WebUI < 0.9.5 - Information Disclosure

Open WebUI 0.9.5 contains an information disclosure vulnerability caused by unauthenticated access to GET /api/v1/retrieval/ endpoint, letting remote attackers retrieve live RAG pipeline configuration without authorization, exploit requires no authentication. id: CVE-2026-45397 info: name: Open...

5.3CVSS5.8AI score0.00039EPSS

Exploits1References3

Nuclei•added yesterday•23 views

ResourceSpace - Metadata Export

In Montala ResourceSpace through 9.8 before r19636, csvexportresultsmetadata.php allows attackers to export collection metadata via a non-NULL k value. id: CVE-2022-31260 info: name: ResourceSpace - Metadata Export author: ritikchaddha severity: medium description: | In Montala ResourceSpace...

6.5CVSS6.6AI score0.24772EPSS

Exploits1References2

Nuclei•added yesterday•15 views

Boa 0.94.13 - Information Disclosure

Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE- multiple third parties report that this is a site-specific issue because those files are not par...

7.5CVSS7.3AI score0.82894EPSS

Exploits2References2

Nuclei•added yesterday•51 views

Keycloak - Open Redirect

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...

6.1CVSS5.9AI score0.06592EPSS

Exploits0References2

Nuclei•added yesterday•10 views

GeoServer - Missing Authorization on REST API Index

GeoServer contains a missing authorization vulnerability that allows unauthorized access to the REST API Index page, potentially exposing sensitive configuration information. id: CVE-2025-27505 info: name: GeoServer - Missing Authorization on REST API Index author: securitytaters severity: medium...

5.3CVSS5.8AI score0.00827EPSS

Exploits0References3

GithubExploit•added 2 days ago•36 views

Exploit for OS Command Injection in Gnu Bash

HackTheBox: Shocker Writeup A structured and professional walk...

10CVSS7.6AI score0.9422EPSS

Exploits130

ATTACKERKB•added 2 days ago•3 views

CVE-2026-27351

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...

5.4CVSS5.8AI score0.00036EPSS

Exploits0References2

EUVD•added 2 days ago•4 views

EUVD-2026-33931

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...

5.4CVSS5.8AI score0.00036EPSS

Exploits0References1

NVD•added 2 days ago•7 views

CVE-2026-42670

Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14...

7.5CVSS0.00032EPSS

Exploits0References1

NVD•added 2 days ago•4 views

CVE-2026-41115

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

4.3CVSS0.00089EPSS

Exploits0References2

NVD•added 2 days ago•5 views

CVE-2025-53346

Missing Authorization vulnerability in ThimPress Thim Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Core: from n/a through 2.3.3...

4.3CVSS0.00026EPSS

Exploits0References1

Nuclei•added 2 days ago•10 views

Kramer VIAware - Privilege Escalation and Remote Code Execution

Kramer VIAware, all tested versions, allow privilege escalation and remote code execution due to misconfigured sudo permissions. Attackers can execute arbitrary system commands remotely if the web interface is accessible, due to vulnerabilities in the handling of privileged operations through...

10CVSS8.2AI score0.89527EPSS

Exploits5References5

Vulnrichment•added 2 days ago•3 views

CVE-2026-41115 Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API

5.8AI score0.00089EPSS

Exploits0References1

CVE•added 2 days ago•46 views

CVE-2026-41115

Summary: CVE-2026-41115 describes an improper authorization issue in Apache Kafka related to the CONSUMER_GROUP_DESCRIBE API. The vulnerability discussion notes a discrepancy between ACLs and documented permissions, but states that the correct permission for the API is DESCRIBE GROUP and that the...

4.3CVSS5.8AI score0.00089EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2 days ago•5 views

PT-2026-45717

Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printeers Print & Ship: from n/a through 1.17.0...

6.5CVSS5.8AI score0.00026EPSS

Exploits0References2

Positive Technologies•added 2 days ago•5 views

PT-2026-45725

Name of the Vulnerable Software and Affected Versions Apache Kafka affected versions not specified Description An improper authorization issue exists in the 'CONSUMER GROUP DESCRIBE' 69 API. The implementation validates the DESCRIBE operation on the GROUP resource, which contradicts the READ...

4.3CVSS5.8AI score0.00089EPSS

Exploits0References5

Positive Technologies•added 2 days ago•3 views

PT-2026-45734

5.8AI score0.00032EPSS

Exploits0References2

NVD•added 3 days ago•7 views

CVE-2026-42671

Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GeoDirectory: from n/a through 2.8.157...

6.5CVSS0.00038EPSS

Exploits0References1

Vulnrichment•added 3 days ago•6 views

CVE-2026-42675 WordPress Hydra Booking plugin <= 1.1.41 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themefic Hydra Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hydra Booking: from n/a through 1.1.41...

7.3CVSS5.8AI score0.00036EPSS

Exploits0References1

NVD•added 3 days ago•8 views

CVE-2026-42682

Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6...

9.1CVSS0.00039EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by