CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

138 matches found

CyberPower - Missing Authentication

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. id: CVE-2024-32735 info: name: CyberPower - Missing Authentication author: DhiyaneshDK severity: critical description: | An issue regarding missing authentication for certai...

9.8CVSS5.8AI score0.71747EPSS

Exploits0References3

NCSC•added 2026/03/05 9:5 a.m.•2 views

Vulnerabilities fixed in Cisco Secure Firewall systems

Cisco has fixed several vulnerabilities in Cisco Secure Firewall including ASA and FTD software. The vulnerabilities include SQL injection, privilege escalation, denial-of-service, cross-site scripting, and improper management of entries in various Cisco Secure Firewall components. Authenticated...

8.6CVSS5.9AI score0.00202EPSS

Exploits0References26

EUVD•added 2025/11/18 12:5 p.m.•2 views

EUVD-2025-197988

A missing authentication enforcement vulnerability exists in the mutual TLS mTLS implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of client certificate–based authentication in certain default configurations, the affected components ma...

9.8CVSS6.8AI score0.00046EPSS

Exploits0References2

CVE•added 2025/11/18 12:5 p.m.•12 views

CVE-2025-9312

CVE-2025-9312 relates to a missing authentication enforcement in WSO2 products’ mTLS implementation used by System REST APIs and SOAP services. The root cause is improper validation of client certificate–based authentication under certain default configurations, allowing unauthenticated requests ...

9.8CVSS7AI score0.00046EPSS

Exploits0References1Affected Software9

Vulnrichment•added 2025/11/18 12:5 p.m.•3 views

CVE-2025-9312 Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products

9.8CVSS7AI score0.00046EPSS

Exploits0References1

EUVD•added 2025/10/16 3:30 p.m.•3 views

EUVD-2025-34754

An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level...

9.6CVSS6.3AI score0.00032EPSS

Exploits0References2

NVD•added 2025/10/16 1:15 p.m.•3 views

CVE-2025-9804

9.6CVSS0.00032EPSS

Exploits0References1

OSV•added 2025/10/16 1:15 p.m.•1 views

CVE-2025-10611

Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vulnerability could lead to a malicious actor gaini...

9.8CVSS7AI score

Exploits0References1

CVE•added 2025/10/16 12:33 p.m.•9 views

CVE-2025-9804

The CVE-2025-9804 entry concerns multiple WSO2 products (e.g., API Manager family) with an improper access-control flaw due to insufficient permission enforcement in internal SOAP Admin Services and System REST APIs. The root cause is limited access-control checks on internal interfaces, allowing...

9.6CVSS6.5AI score0.00032EPSS

Exploits0References1Affected Software15

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-0773

Malware in sbrugna...

6.1CVSS6.2AI score0.00223EPSS

Exploits1References6

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2018-19007

Malware in sbrugna...

6.5CVSS6.6AI score0.00294EPSS

Exploits0References3