CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/05 5:16 p.m.•11 views

CVE-2025-5088

An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including...

8.7CVSS0.00323EPSS

ATTACKERKB•added 2026/06/05 3:58 p.m.•3 views

CVE-2025-5088

8.7CVSS5.5AI score0.00323EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/06/05 3:58 p.m.•43 views

CVE-2025-5088 Arista CloudVision Exchange (CVX) Cluster Privilege Escalation via MCS Redis Session

8.7CVSS0.00323EPSS

CVE•added 2026/06/05 3:58 p.m.•14 views

CVE-2025-5088

CVE-2025-5088 affects Arista CloudVision Exchange (CVX) via an authenticated Redis session that could grant full root access to all CVX servers. Exploitation requires network access to the Redis service and the Redis password, and Redis traffic is plaintext (TLS support tracked separately). The i...

8.7CVSS5.5AI score0.00323EPSS

Github Security Blog•added 2026/05/27 7:51 p.m.•14 views

Deno's TLS retry copies stale upgrade hook, risking plaintext traffic

Summary A flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When autoSelectFamily was enabled and the first address-family attempt failed, the socket reinitialization path reused a stale TLS upgrade hook tha...

7.4CVSS5.8AI score0.00017EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/01 8:34 p.m.•25 views

CVE-2026-39807 Client-supplied URI scheme trusted without transport verification in bandit

Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections. 'Elixir.Bandit.Pipeline':determinescheme/2 in lib/bandit/pipeline.ex returns the client-supplied URI scheme verbatim, ignoring the...

6.3CVSS0.00454EPSS

Exploits0References4

Vulnrichment•added 2026/03/20 6:19 p.m.•2 views

CVE-2026-32309 Cryptomator: Hub unlocking accepts plaintext HTTP and unvalidated endpoint schemes

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over...

ATTACKERKB•added 2026/03/20 6:19 p.m.•3 views

CVE-2026-32309

Exploits0References3Affected Software1

OSV•added 2026/03/20 6:19 p.m.•3 views

CVE-2026-32309 Cryptomator: Hub unlocking accepts plaintext HTTP and unvalidated endpoint schemes

CVE•added 2026/03/20 6:19 p.m.•13 views

Exploits0References4

CVE-2026-32309

Cryptomator (hub-based unlock flow) is affected prior to version 1.19.1. The vault metadata may drive OAuth and key-loading traffic over plaintext HTTP or insecure endpoint schemes instead of HTTPS, enabling a network attacker to observe or tamper with traffic. Bearer tokens and endpoint-level tr...

Exploits0References2Affected Software1

Positive Technologies•added 2026/03/20 12:0 a.m.•6 views

PT-2026-26657

Schneier on Security•added 2026/03/09 10:57 a.m.•6 views

Exploits0References4

New Attack Against Wi-Fi

It's called AirSnitch: Unlike previous Wi-Fi attacks, AirSnitch exploits core features in Layers 1 and 2 and the failure to bind and synchronize a client across these and higher layers, other nodes, and other network names such as SSIDs Service Set Identifiers. This cross-layer identity...

5.8AI score

Exploits0

CNVD•added 2026/02/05 12:0 a.m.•3 views

TeamViewer DEX Client Information Disclosure Vulnerability

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client suffers from an information disclosure vulnerability that can be exploited by an attacker to cause encrypted UDP traffic to be sent in plaintext, resulting in an...

6.5CVSS5.7AI score0.00134EPSS

Exploits0

NVD•added 2025/10/21 12:15 p.m.•3 views

CVE-2025-10641

All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit the...

7.1CVSS0.00297EPSS

EUVD•added 2025/10/03 8:7 p.m.•61 views

EUVD-2023-40615

Malicious code in bioql PyPI...

5.7CVSS5.7AI score0.00681EPSS

Exploits1References4

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2025-23994

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.00074EPSS

Exploits0References3

NVD•added 2025/09/25 2:15 p.m.•4 views

CVE-2025-10540

iMonitor EAM 9.6394 transmits communication between the EAM client agent and the EAM server, as well as between the EAM monitor management software and the server, in plaintext without authentication or encryption. An attacker with network access can intercept sensitive information such as...

6.5CVSS0.00118EPSS

CVE•added 2025/09/25 2:5 p.m.•10 views

CVE-2025-10540

iMonitor EAM 9.6394 transmits client/server and monitor/server communications in plaintext with no authentication. An attacker on the network can intercept credentials, keylogger data, PII, and data in transit, and can tamper with traffic, including issuing arbitrary commands to client agents. Do...

6.5CVSS6.7AI score0.00118EPSS