CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

75 matches found

OSV•added 2026/04/16 11:36 p.m.•1 views

BIT-AUTHENTIK-2025-52553 authentik has Insufficient Session verification for Remote Access Control endpoint access

authentik is an open-source identity provider. After authorizing access to a RAC endpoint, authentik creates a token which is used for a single connection and is sent to the client in the URL. This token is intended to only be valid for the session of the user who authorized the connection, howev...

9.6CVSS5.6AI score0.00335EPSS

Exploits0References5

ATTACKERKB•added 2026/02/26 11:2 p.m.•2 views

CVE-2026-3268

A vulnerability was detected in psi-probe PSI Probe up to 5.3.0. The affected element is an unknown function of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/RemoveSessAttributeController.java of the component Session Attribute Handler. Performing a manipulation results in...

5.5CVSS5.7AI score0.00046EPSS

Exploits1References4Affected Software1

NVD•added 2026/02/20 7:23 p.m.•8 views

CVE-2026-2852

A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects the function addSales/updateSales/deleteSales of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\SalesController.java of the component Sales Endpoint. The...

6.5CVSS0.00059EPSS

Exploits1References6

RedhatCVE•added 2026/01/09 10:9 a.m.•4 views

CVE-2019-11653

Remote Access Control Bypass in Micro Focus Content Manager. versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user’s CheckIn request...

5.5CVSS6.7AI score0.00125EPSS

Exploits0References1

NVD•added 2025/12/15 9:15 p.m.•2 views

CVE-2025-55895

TOTOLINK A3300R V17.0.0cu.557B20221024 and N200RE V9.3.5u.6448B20240521 and V9.3.5u.6437B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in remote...

9.1CVSS0.00095EPSS

Exploits1References2

Vulnrichment•added 2025/11/14 12:0 a.m.•2 views

CVE-2025-54343

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges...

6.5AI score0.0004EPSS

Exploits0References2