
26 matches found

CNNVD
added 2026/03/24 12:0 a.m., 2 views

Craft CMS Security Vulnerability

Craft CMS is an open-source content management system developed by Craft CMS. Versions prior to 4.17.8 and 5.9.14 of Craft CMS had security vulnerabilities. These vulnerabilities stemmed from the lack of enforceable authorization checks for resource-based access control, which could allow...

CVSS 7.1, AI score 5.8, EPSS 0.00016
Exploits: 0, References: 4
GithubExploit
added 2026/03/23 4:35 p.m., 152 views

TGT2Admin-

🎭 RBCDExploit - Resource-Based Constrained Delegation Attack...

AI score 6
Exploits: 0
GithubExploit
added 2026/02/21 9:35 a.m., 164 views

Exploit for Improper Certificate Validation in Microsoft

CVE-2022-26923 – Certifried Exploit AD CS Abuse Automatisat...

CVSS 9, AI score 5.6, EPSS 0.91596
Exploits: 8
RedhatCVE
added 2025/10/30 7:21 p.m., 3 views

CVE-2025-64102

Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like TOTP, Email OTP, or passwords using a lockout...

CVSS 9.8, AI score 6.7, EPSS 0.00041
Exploits: 0, References: 1
Cvelist
added 2025/10/29 6:36 p.m., 7 views

CVE-2025-64102 Zitadel allows brute-forcing authentication factors

Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, an attacker can perform an online brute-force attack on OTP, TOTP, and passwords. While Zitadel allows preventing online brute force attacks in scenarios like TOTP, Email OTP, or passwords using a lockout...

CVSS 7.7, EPSS 0.00041
Exploits: 0, References: 2
CVE
added 2025/10/29 6:36 p.m., 25 views

CVE-2025-64102

CVE-2025-64102 affects Zitadel, allowing online brute-force attacks on OTP, TOTP and passwords in multiple branches prior to fixed releases. Public details specify vulnerable ranges: 4.x up to 4.4.x, 3.x up to 3.4.2 (RCs included), and 2.x up to 2.71.17, with fixes enforcing a lockout policy and ...

CVSS 9.8, AI score 6.3, EPSS 0.00041
Exploits: 0, References: 2, Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-36810

Malicious code in bioql PyPI...

CVSS 9.1, AI score 7, EPSS 0.01611
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-50493

Malicious code in bioql PyPI...

CVSS 9.1, AI score 7.6, EPSS 0.00928
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 4:53 a.m., 5 views

CVE-2023-46266

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack...

CVSS 9.1, AI score 6.7, EPSS 0.00928
Exploits: 0
RedhatCVE
added 2025/05/23 3:49 a.m., 5 views

CVE-2023-32566

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1...

CVSS 9.1, AI score 6.8, EPSS 0.01611
Exploits: 0, References: 1
Rapid7 Blog
added 2025/03/21 7:6 p.m., 11 views

Metasploit Wrap-Up 03/21/2025

SMB to LDAP Relay: This week, the Metasploit team have added an exciting relay module that has been in the works for a long time. This relay module is used to host an SMB server, and execute an SMB to LDAP relay attack against a Domain controller with an LDAP server when NTLMv1 is being used as th...

CVSS 7.8, AI score 8.9, EPSS 0.08451
Exploits: 2
Cvelist
added 2023/12/19 3:43 p.m., 14 views

CVE-2021-22962

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack...

CVSS 7.3, AI score 9.4, EPSS 0.27817
Exploits: 0, References: 1
NVD
added 2023/08/10 8:15 p.m., 20 views

CVE-2023-32565

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1...

CVSS 9.1, AI score 6.9, EPSS 0.01611
Exploits: 0, References: 1
Prion
added 2023/08/10 8:15 p.m., 21 views

Design/Logic Flaw

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1...

CVSS 5.8, AI score 9, EPSS 0.01611
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2023/08/10 7:15 p.m., 3 views

CVE-2023-32566

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1...

CVSS 9.1, AI score 5.8, EPSS 0.01611
Exploits: 0, References: 1
Cvelist
added 2023/08/10 7:3 p.m., 18 views

CVE-2023-32565

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1...

CVSS 6.3, AI score 9.4, EPSS 0.01611
Exploits: 0, References: 1
Vulnrichment
added 2023/08/10 7:3 p.m., 19 views

CVE-2023-32565

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1...

CVSS 6.3, AI score 6.7, EPSS 0.01611
Exploits: 0, References: 1
Microsoft Malware Protection
added 2022/05/25 9:0 p.m., 38 views

Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)

On April 24, 2022, a privilege escalation hacking tool, KrbRelayUp, was publicly disclosed on GitHub by security researcher Mor Davidovich. KrbRelayUp is a wrapper that can streamline the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn tools in...

AI score 1.3
Exploits: 0
Microsoft Secure
added 2022/05/25 9:0 p.m., 29 views

Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)

On April 24, 2022, a privilege escalation hacking tool, KrbRelayUp, was publicly disclosed on GitHub by security researcher Mor Davidovich. KrbRelayUp is a wrapper that can streamline the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn tools in...

AI score 1.3
Exploits: 0
The Hacker News
added 2021/12/06 12:22 p.m., 109 views

Vulnerability Scanning Frequency Best Practices

So you've decided to set up a vulnerability scanning programme, great. That's one of the best ways to avoid data breaches. How often you should run your scans, though, isn't such a simple question. The answers aren't the same for every type of organization or every type of system you're scanning...

CVSS 9.3, AI score 9.1, EPSS 0.94318
Exploits: 52