73 matches found
CVE-2026-42604
Actual is a local-first personal finance tool. The POST /openid/config endpoint in Actual Budget's sync-server versions = 26.4.0 exposes the full OpenID Connect configuration—including the OAuth2 client_secret—to any caller who knows the bootstrap password. The endpoint also lacks authentication a...
CVE-2026-45749
Termix (web-based server management platform) prior to v2.3.2 exposes MFA risk via POST /users/totp/disable and POST /users/totp/backup-codes, which accept only the account password as authentication for MFA-critical actions. An attacker with a compromised password can disable TOTP or regenerate ...
IBM WebSphere Application Server Liberty 17.0.0.3 < 26.0.0.4 (7267362)
The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7267362 advisory. - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expect...
Hard coded credentials vulnerability in GoHarbor's Harbor
Overview: GoHarbor's Harbor default admin password presents a security risk because it does not require change upon initial deployment. Description: GoHarbor's Harbor is an open-source OCI-compliant container registry project that stores, signs, and manages container images. Harbor initializes with...
CVE-2026-29108 Authenticated SuiteCRM Users Can Retrieve The Password Hash of Any User
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 8.9.3, an authenticated API endpoint allows any user to retrieve detailed information about any other user, including their password hash, username, and MFA configuration. As...
CVE-2025-1878
A vulnerability has been found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This vulnerability affects unknown code of the component WiFi. The manipulation leads to use of default password. Access to the local network is required for this attack to succeed. The complexity ...
CVE-1999-0508
An account on a router, firewall, or other network device has a default, null, blank, or missing password...
EUVD-2019-17117
Malware in sbrugna...
EUVD-2020-28505
Malware in sbrugna...
EUVD-2020-25188
Malware in sbrugna...
EUVD-2020-21380
Malware in sbrugna...
EUVD-2020-3416
Malware in sbrugna...
EUVD-2021-15658
Malware in sbrugna...
EUVD-2002-0302
Malware in sbrugna...
EUVD-2007-3185
Malware in sbrugna...
EUVD-2013-4370
Malware in sbrugna...
EUVD-2018-8740
Malware in sbrugna...
EUVD-2018-6743
Malware in sbrugna...
EUVD-2013-4060
Malware in sbrugna...
EUVD-1999-0516
Malware in sbrugna...