86 matches found

Positive Technologies
added 2026/06/12 12:0 a.m. | 15 views

PT-2026-48979

Name of the Vulnerable Software and Affected Versions: Discourse versions 2026.1.0 through 2026.1.3; Discourse versions 2026.3.0; Discourse versions 2026.4.0. Description: An issue exists in the GroupPostSerializer where the predicate for the :name attribute was incorrectly declared as include user lo...

CVSS 4.3 | AI score 5.2 | EPSS 0.00189
Exploits: 0 | References: 5
SUSE CVE
added 2026/06/02 1:44 a.m. | 11 views

SUSE CVE-2026-8796

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...

CVSS 8.1 | AI score 5.8 | EPSS 0.00399
Exploits: 0 | References: 3
RedhatCVE
added 2026/04/15 7:24 p.m. | 6 views

CVE-2026-33708

Chamilo LMS is a learning management system. Prior to 1.11.38, the getuserinfofromusername REST API endpoint returns personal information (email, first name, last name, user ID, active status) of any user to any authenticated user, including students. There is no authorization check. This...

CVSS 6.5 | AI score 5.8 | EPSS 0.00209
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/26 3:16 p.m. | 5 views

CVE-2026-1497

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user access to a remote database constituent "namespace.name" will inadvertently grant access to any...

CVSS 2 | AI score 5.9 | EPSS 0.00235
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/31 4:9 p.m. | 18 views

CVE-2025-64528

Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of a username can find the user and their full name via UI or API, even when enable_names is disabled. Versions 3.5.3, 2025.11.1, and 2025.12.0 contain a fix...

CVSS 6.3 | AI score 6.8 | EPSS 0.00242
Exploits: 0 | References: 1
CVE
added 2025/12/30 4:4 p.m. | 11 views

CVE-2025-64528

CVE-2025-64528 affects Discourse prior to versions 3.5.3, 2025.11.1, and 2025.12.0. An attacker who knows part of a username can discover the user and their full name via UI or API, even when enable_names is disabled. The issue is confirmed across multiple sources (NVD, Red Hat, OSV, OpenVAS, etc...

CVSS 6.3 | AI score 6.4 | EPSS 0.00242
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2025/11/20 7:10 p.m. | 3 views

CVE-2025-52669

Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions cause non-admin users to have access to the contact name and email address of other users on the system...

CVSS 4.3 | AI score 4.8 | EPSS 0.00252
Exploits: 1 | References: 1
Positive Technologies
added 2025/11/20 12:0 a.m. | 7 views

PT-2025-47619

Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions cause non-admin users to have access to the contact name and email address of other users on the system...

CVSS 4.3 | AI score 6.8 | EPSS 0.00252
Exploits: 1 | References: 1
Cvelist
added 2025/11/12 12:0 a.m. | 7 views

CVE-2025-63353

A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. The device generates default passwords using a deterministic algorithm that derives the router passphrase from the SSID, enabling an...

EPSS 0.01168
Exploits: 3 | References: 2
NVD
added 2025/10/22 4:15 p.m. | 7 views

CVE-2025-62607

Nautobot Single Source of Truth (SSoT) is an app for Nautobot. Prior to version 3.10.0, an unauthenticated attacker could access this page to view the Service Now public instance name (e.g. companyname.service-now.com). This is considered low-value information. This does not expose the Secret, the...

CVSS 5.3 | EPSS 0.00268
Exploits: 0 | References: 3
Vulnrichment
added 2025/10/13 9:33 p.m. | 2 views

CVE-2025-62362 Name and e-mail of employee that has done a publication is discoverable in gpp-burgerportaal

gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3, 3.0.2, and 4.0.1, the name and email address of employees who publish content are exposed in network responses and can be discovered by viewing the browser's developer tools network tab. This information...

CVSS 6.9 | AI score 5.9 | EPSS 0.00293
Exploits: 0 | References: 1
OSV
added 2025/10/13 5:43 p.m. | 4 views

GHSA-FHWM-PC6R-4H2F CommandKit has incorrect command name exposure in context object for message command aliases

Impact A logic flaw exists in the message command handler of CommandKit that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling command aliases. When a message command is invoked using an alias, the ctx.commandName value...

CVSS 6.1 | AI score 7.1 | EPSS 0.00148
Exploits: 0 | References: 4
Github Security Blog
added 2025/10/13 5:43 p.m. | 6 views

CommandKit has incorrect command name exposure in context object for message command aliases

Impact A logic flaw exists in the message command handler of CommandKit that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling command aliases. When a message command is invoked using an alias, the ctx.commandName value...

CVSS 6.1 | AI score 7.1 | EPSS 0.00148
Exploits: 0 | References: 4 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2011-4239

Malware in sbrugna...

CVSS 4 | AI score 6.4 | EPSS 0.01721
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2002-1391

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.02142
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2013-0797

Malware in sbrugna...

CVSS 5 | AI score 6.1 | EPSS 0.01657
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2007-1183

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.01076
Exploits: 0 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-23796

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 5.1 | EPSS 0.00464
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-57497

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 5.1 | EPSS 0.0036
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2023-3003

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 4.7 | EPSS 0.00506
Exploits: 0 | References: 3