
141 matches found

Positive Technologies
added yesterday, 6 views

PT-2026-51642

Name of the Vulnerable Software and Affected Versions: Snipe-IT, affected versions not specified. Description: An authorization bypass exists in the BulkAssetsController::update function. The system accepts the company id variable directly from user input without utilizing the standard company-scopin...

CVSS 6.3, AI score 5.9
Exploits: 0, References: 5
Vulnrichment
added 2026/06/15 9:55 p.m., 4 views

CVE-2026-48599 Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

CVSS 7.6, AI score 5.3, EPSS 0.00273
Exploits: 0, References: 4
OSV
added 2026/06/15 9:55 p.m., 7 views

EEF-CVE-2026-48599 Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding

Summary: Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

CVSS 7.6, AI score 5.4, EPSS 0.00273
Exploits: 0, References: 4
RedhatCVE
added 2026/06/05 7:28 p.m., 7 views

CVE-2026-22872

Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Prior to version 0.13.0, tenant...

CVSS 9.1, AI score 5.5, EPSS 0.0043
Exploits: 1, References: 1
CNNVD
added 2026/05/28 12:0 a.m., 7 views

OpenReplay security vulnerability

OpenReplay is an open-source, developer-friendly, and self-hosted session replay software. Versions of OpenReplay prior to 1.26.0 contained security vulnerabilities. These vulnerabilities stemmed from cross-tenant IDOR vulnerabilities in the feature-flag and assist-stats routing mechanisms. Due t...

CVSS 5.3, AI score 5.8, EPSS 0.00207
Exploits: 0, References: 2
Positive Technologies
added 2026/04/22 12:0 a.m., 4 views

PT-2026-34334

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined, affected versions not specified. Description: An insecure direct object reference allows unauthorized users to access and manipulate sensitive data across different tenants. This can result in unauthorized...

CVSS 6.5, AI score 5.8, EPSS 0.00213
Exploits: 0, References: 4
NVD
added 2026/02/03 6:16 p.m., 4 views

CVE-2025-70841

Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APPKEY, database credentials, SMTP/SendGrid API...

CVSS 10, EPSS 0.00383
Exploits: 1, References: 2
OSV
added 2026/02/03 6:16 p.m., 6 views

CVE-2025-70841

Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APPKEY, database credentials, SMTP/SendGrid API...

CVSS 7.5, AI score 5.9, EPSS 0.00383
Exploits: 1, References: 2
Vulnrichment
added 2026/02/03 12:0 a.m., 2 views

CVE-2025-70841

Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APPKEY, database credentials, SMTP/SendGrid API...

CVSS 10, AI score 5.4, EPSS 0.00383
Exploits: 1, References: 2
EUVD
added 2026/02/03 12:0 a.m., 4 views

EUVD-2025-206710

Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APPKEY, database credentials, SMTP/SendGrid API...

CVSS 10, AI score 5.5, EPSS 0.00383
Exploits: 1, References: 1
Positive Technologies
added 2026/02/03 12:0 a.m., 7 views

PT-2026-5987

Name of the Vulnerable Software and Affected Versions: Dokans Multi-Tenancy Based eCommerce Platform version 3.9.2. Description: The platform allows unauthenticated remote attackers to obtain sensitive application configuration data by directly requesting the '/script/.env' file. This file contains...

CVSS 10, AI score 5.5, EPSS 0.00383
Exploits: 1, References: 6
RedhatCVE
added 2026/01/07 9:17 a.m., 6 views

CVE-2025-1758

Improper Input Validation vulnerability in Progress LoadMaster allows: Buffer Overflow. This issue affects: LoadMaster: 7.2.40.0 and above; ECS: All versions; Multi-Tenancy: 7.1.35.4 and above...

CVSS 8.8, AI score 7.2, EPSS 0.04791
Exploits: 0, References: 1
Cvelist
added 2025/12/19 12:32 a.m., 27 views

CVE-2025-14908 JeecgBoot Multi-Tenant Management SysTenantController.java improper authentication

A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java of the component Multi-Tenant Management Module...

CVSS 6.5, EPSS 0.00303
Exploits: 1, References: 5
OSV
added 2025/12/02 5:36 p.m., 3 views

BIT-FLUX-2022-24877 Improper path handling in kustomization files allows path traversal

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...

CVSS 9.9, AI score 7, EPSS 0.01084
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-16354

Malware in sbrugna...

CVSS 6.5, AI score 5.5, EPSS 0.00852
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-27277

Malware in sbrugna...

CVSS 5.4, AI score 5.6, EPSS 0.0036
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-7769

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.6, EPSS 0.00861
Exploits: 0, References: 6
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-2895

Malicious code in bioql PyPI...

CVSS 4.3, AI score 4.8, EPSS 0.00415
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-25141

Malicious code in bioql PyPI...

CVSS 9, AI score 6.3, EPSS 0.00437
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-17994

Malicious code in bioql PyPI...

CVSS 4.3, AI score 5.1, EPSS 0.00319
Exploits: 0, References: 1