CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

189 matches found

vulnersOsv•added 2026/06/03 9:13 p.m.•6 views

auto-survey (>=0.1.0 <=0.2.4), gptparse (=0.3.0) +12 more potentially affected by CVE-2026-44018 via docling (>=2.51.0 <=2.90.0)

docling PYPI version =2.51.0, =0.1.0, =0.19.2, =1.40.0, =0.6.2, =0.0.1, =0.3.0, =1.0.0, =1.6.2, =1.6.2, =0.0.1, =0.0.2 Source cves: CVE-2026-44018 Source advisory: OSV:GHSA-R3XG-RG9J-67FV...

5.5AI score0.00015EPSS

Exploits0

EUVD•added 2026/05/12 7:30 p.m.•10 views

EUVD-2026-29792

Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full...

9.1CVSS5.8AI score0.00366EPSS

Exploits0References1

Vulnrichment•added 2026/05/12 7:30 p.m.•9 views

CVE-2026-42889 Relay Server WebSocket authentication bypass when token is omitted

9.1CVSS5.8AI score0.00366EPSS

Exploits0References1

CVE•added 2026/05/12 7:30 p.m.•16 views

CVE-2026-42889

Summary (CVE-2026-42889): Relay Server (used with Obsidian) versions 0.9.0–0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were treated as having full server permissions, all...

9.1CVSS5.8AI score0.00366EPSS

Exploits0References1

The Hacker News•added 2026/04/16 10:20 a.m.•8 views

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and...

6AI score

Exploits0

OSV•added 2026/01/08 7:15 p.m.•5 views

CVE-2025-65518

Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service DoS condition. The vulnerability exists in the getpassword.php endpoint, where a crafted request containing a malicious payload can cause the affected web interface to continuously reload, rendering the service...

7.5CVSS5.8AI score0.00529EPSS

Exploits0References3

NVD•added 2026/01/08 7:15 p.m.•7 views

CVE-2025-65518

7.5CVSS0.00529EPSS

Exploits0References3

CNNVD•added 2026/01/08 12:0 a.m.•6 views

Plesk Obsidian 安全漏洞

Plesk Obsidian is a hosting control panel from the Swiss company Plesk. A security vulnerability exists in Plesk Obsidian versions 8.0.1 through 18.0.73, which stems from improper handling of malicious loads in the file getpassword.php, which could lead to a denial of service attack...

7.5CVSS6.5AI score0.00529EPSS

Exploits0References3

CVE•added 2026/01/08 12:0 a.m.•18 views

CVE-2025-65518

Plesk Obsidian (versions 8.0.1 to 18.0.73) is affected by a Denial of Service in the get_password.php endpoint. A crafted, malicious request can cause the web interface to continuously reload, rendering the service unavailable to legitimate users. Exploitation is remote and does not require authe...

7.5CVSS6.4AI score0.00529EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/01/08 12:0 a.m.•8 views

PT-2026-1848

Name of the Vulnerable Software and Affected Versions Plesk Obsidian versions 8.0.1 through 18.0.73 Description Plesk Obsidian versions 8.0.1 through 18.0.73 are susceptible to a Denial of Service DoS condition. The issue resides in the get password.php API endpoint, where a specifically crafted...

7.5CVSS6.7AI score0.00529EPSS

Exploits0References7