CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16 matches found

RedhatCVE•added 2026/01/24 3:17 a.m.•3 views

CVE-2026-21520

Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector...

7.5CVSS5.4AI score0.00125EPSS

Exploits0References1

NVD•added 2026/01/22 11:15 p.m.•1 views

CVE-2026-21520

Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector...

7.5CVSS0.00125EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:21 a.m.•6 views

CVE-2019-1010202

Jeesite 1.2.7 is affected by: XML External Entity XXE. The impact is: sensitive information disclosure. The component is: convertToModel function in src/main/java/com.thinkgem.jeesite/modules/act/service/ActProcessService.java. The attack vector is: network connectivity,authenticated,must upload ...

6.5CVSS6.5AI score0.00568EPSS

Exploits1References1

Microsoft CVE•added 2024/10/23 7:0 a.m.•1 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).

...

4.3CVSS7.2AI score0.00168EPSS

Exploits0

CVE•added 2024/10/15 10:46 p.m.•69 views

CVE-2024-38190

CVE-2024-38190 concerns a missing authorization vulnerability in Microsoft Power Platform (and associated components like Dataverse) that allows an unauthenticated attacker to view sensitive information over a network vector. The provided metrics assign a CVSS3.1 base score of 8.6 (HIGH) with net...

8.6CVSS8.4AI score0.01505EPSS

Exploits0References1Affected Software1

Microsoft CVE•added 2024/10/15 7:0 a.m.•18 views

Power Platform Information Disclosure Vulnerability

Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector...

8.6CVSS6.7AI score0.01505EPSS

Exploits0

NVD•added 2024/10/09 5:15 p.m.•15 views

CVE-2024-43610

Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector...

7.5CVSS0.04924EPSS

Exploits0References1

CVE•added 2024/10/09 4:26 p.m.•58 views

CVE-2024-43610

CVE-2024-43610 concerns an information disclosure in Microsoft Copilot Studio. The connected PT-2024-7988 entry identifies Copilot Studio as the affected software and states that the vulnerability involves exposure of sensitive information to unauthorized actors via a network attack vector, explo...

7.5CVSS7.2AI score0.04924EPSS

Exploits0References1Affected Software1

NVD•added 2024/10/08 6:15 p.m.•23 views

CVE-2024-43488

Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector...

9.8CVSS0.02519EPSS

Exploits0References1

CVE•added 2024/10/08 5:36 p.m.•93 views

CVE-2024-43488

CVE-2024-43488 affects the Visual Studio Code extension for Arduino. The vulnerability is a missing authentication in a critical function, enabling remote code execution over a network attack vector. Impact per sources is arbitrary code execution with high/critical severity. Affected component is...

9.8CVSS9.8AI score0.02519EPSS

Exploits0References1Affected Software1

Microsoft CVE•added 2024/10/08 7:0 a.m.•14 views

Copilot Studio Information Disclosure Vulnerability

Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector...

7.5CVSS6.5AI score0.04924EPSS

Exploits0

Microsoft CVE•added 2024/10/08 7:0 a.m.•26 views

Visual Studio Code extension for Arduino Remote Code Execution Vulnerability

Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector...

9.8CVSS8.8AI score0.02519EPSS

Exploits0

Positive Technologies•added 2024/08/14 12:0 a.m.•1 views

PT-2024-7988 · Microsoft · Copilot Studio

Name of the Vulnerable Software and Affected Versions: Microsoft Copilot Studio affected versions not specified Description: The issue is related to the exposure of sensitive information to unauthorized actors in Microsoft Copilot Studio. This allows an unauthenticated attacker to view sensitive...

7.8CVSS6.8AI score0.04924EPSS

Exploits0References9

Positive Technologies•added 2024/06/12 12:0 a.m.•1 views

PT-2024-7450 · Microsoft · Power Platform

Name of the Vulnerable Software and Affected Versions: Power Platform affected versions not specified Description: The issue is related to a lack of authorization in Power Platform, allowing an unauthenticated attacker to view sensitive information through a network attack vector. This can lead t...

8.6CVSS6.5AI score0.01505EPSS

Exploits0References14

Cvelist•added 2023/01/27 12:0 a.m.•12 views

CVE-2022-44717

An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur issue 1 of 2. After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack...

4.1AI score0.0029EPSS

Exploits0References1