
45 matches found

Snyk
added 2026/05/27 10:34 p.m., 5 views

Incorrect Authorization

Overview: pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Incorrect Authorization through inconsistent authorization checks between the report listing and detail retrieval endpoints. An attacker can access sensitiv...

7.1 CVSS, 5.8 AI score
Exploits 0, References 2
NVD
added 2026/04/30 7:16 p.m., 1 view

CVE-2026-40603

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...

6.5 CVSS, 0.00036 EPSS
Exploits 0, References 2
RedhatCVE
added 2026/03/26 3:5 p.m., 3 views

CVE-2025-41008

SQL injection vulnerability in Sinturno. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'client' parameter in the '/adm/scripts/modalReportdata.php' endpoint...

9.3 CVSS, 5.9 AI score, 0.00045 EPSS
Exploits 0, References 1
EUVD
added 2026/03/25 7:52 p.m., 2 views

EUVD-2026-14496

AVideo Allows Unauthenticated Access to ADServer reports.json.php that Exposes Ad Campaign Analytics and User Data...

5.3 CVSS, 5.8 AI score, 0.00112 EPSS
Exploits 1, References 3
CNNVD
added 2026/03/23 12:0 a.m., 2 views

Sinturno SQL injection vulnerability

Sinturno is a tool used by the American company Sinturno to manage and analyze network traffic. Sinturno has a SQL injection vulnerability, which stems from improper handling of the client parameter in the adm/scripts/modalReportdata.php endpoint. This vulnerability may lead to SQL injection...

9.3 CVSS, 5.8 AI score, 0.00045 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/01/24 7:26 a.m., 1 view

CVE-2025-14609

The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-analytics/v1/report'. This makes it possible for unauthenticated attackers to access sensitive...

5.3 CVSS, 5.9 AI score, 0.00022 EPSS
Exploits 0, References 4
RedhatCVE
added 2026/01/09 8:59 a.m., 7 views

CVE-2023-49330

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data...

8.8 CVSS, 8.2 AI score, 0.00939 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/11/07 7:58 p.m., 1 view

CVE-2022-50592

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint...

9.3 CVSS, 9.2 AI score, 0.00374 EPSS
Exploits 0, References 1
NVD
added 2025/11/06 8:15 p.m., 1 view

CVE-2022-50592

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint...

9.3 CVSS, 0.00374 EPSS
Exploits 0, References 3
CVE
added 2025/11/06 7:57 p.m., 7 views

CVE-2022-50592

CVE-2022-50592 affects Advantech iView prior to v5.7.04 build 6425. The SNMP management tool contains an authentication bypass that enables a SQL injection in the getInventoryReportData parameter of the NetworkServlet endpoint, leading to remote code execution with administrator privileges. This ...

9.3 CVSS, 8.8 AI score, 0.00374 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2025/11/06 7:57 p.m., 3 views

CVE-2022-50592 Advantech iView < v5.7.04 Build 6425 getInventoryReportData Parameter SQL Injection RCE

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint...

9.3 CVSS, 0.00374 EPSS
Exploits 0, References 3
Vulnrichment
added 2025/11/06 7:57 p.m., 2 views

CVE-2022-50592 Advantech iView < v5.7.04 Build 6425 getInventoryReportData Parameter SQL Injection RCE

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint...

9.3 CVSS, 8.8 AI score, 0.00374 EPSS
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2017-10173

Malware in sbrugna...

4.3 CVSS, 4.9 AI score, 0.00212 EPSS
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-20379

Malware in sbrugna...

8.3 CVSS, 7.3 AI score, 0.00738 EPSS
Exploits 0, References 5
EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2021-13629

Malware in sbrugna...

7.5 CVSS, 7.5 AI score, 0.00276 EPSS
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-7991

Malware in sbrugna...

8.8 CVSS, 8.8 AI score, 0.0107 EPSS
Exploits 0, References 6
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-5295

Malicious code in bioql PyPI...

7.7 CVSS, 6.3 AI score, 0.00181 EPSS
Exploits 0, References 5
RedhatCVE
added 2025/02/28 12:24 p.m., 11 views

CVE-2024-47053

This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data. Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated use...

7.7 CVSS, 6.4 AI score, 0.00181 EPSS
Exploits 0, References 5
CVE
added 2025/02/26 11:54 a.m., 118 views

CVE-2024-47053

CVE-2024-47053 concerns an authorization flaw in Mautic’s API. Any authenticated user can access all reports and their data via the API, bypassing permissions intended to restrict access to non-system reports (e.g., View Own/View Others). The vulnerability arises from Mautic’s HTTP Basic Authenti...

7.7 CVSS, 7.4 AI score, 0.00181 EPSS
Exploits 0, References 3, Affected Software 1
OSV
added 2024/05/20 1:15 p.m., 0 views

CVE-2023-49330

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data...

8.8 CVSS, 5.8 AI score
Exploits 0, References 1