20 matches found

GitHub Security Blog
added 2026/02/03 6:30 p.m. | 2 views

FUXA contains an insecure default configuration vulnerability

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

9.3 CVSS | 5.5 AI score | 0.00027 EPSS
Exploits 0 | References 3 | Affected Software 1

NVD
added 2026/02/03 6:16 p.m. | 4 views

CVE-2025-69970

FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...

9.3 CVSS | 0.00027 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/01/12 12:0 a.m. | 2 views

PT-2026-2307

Name of the Vulnerable Software and Affected Versions: WebErpMesv2 versions prior to 1.19 Description: The WebErpMesv2 application lacks authentication middleware for multiple sensitive API endpoints. This allows an unauthenticated remote attacker to read business-critical data, including companies...

8.2 CVSS | 6.8 AI score | 0.00416 EPSS
Exploits 1 | References 8

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2018-13567

Malware in sbrugna...

10 CVSS | 9.2 AI score | 0.0017 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-54896

Malicious code in bioql PyPI...

9.8 CVSS | 6.6 AI score | 0.00077 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/08/22 12:22 a.m. | 3 views

CVE-2024-57157

Incorrect access control in Jantent v1.1 allows attackers to bypass authentication and access sensitive APIs without a token...

9.8 CVSS | 7.4 AI score | 0.00077 EPSS
Exploits 0 | References 1

OSV
added 2025/08/20 9:15 p.m. | 1 view

CVE-2024-57155

Incorrect access control in radar v1.0.8 allows attackers to bypass authentication and access sensitive APIs without a token...

9.8 CVSS | 5.8 AI score | 0.00077 EPSS
Exploits 0 | References 1

CNNVD
added 2025/08/20 12:0 a.m. | 2 views

Radar security vulnerability

Radar is a lightweight real-time risk control engine by individual developer feihu.wang. A security vulnerability exists in Radar v1.0.8, which stems from improper access control and could lead to unauthorized access to sensitive APIs...

9.8 CVSS | 6.5 AI score | 0.00077 EPSS
Exploits 0 | References 3

Vulnrichment
added 2025/08/20 12:0 a.m. | 3 views

CVE-2024-57155

Incorrect access control in radar v1.0.8 allows attackers to bypass authentication and access sensitive APIs without a token...

7.3 AI score | 0.00077 EPSS
Exploits 0 | References 1

CNNVD
added 2025/08/20 12:0 a.m. | 1 view

Jantent security vulnerability

Jantent is a simple to use website by Jack Tang, an individual developer. A security vulnerability exists in Jantent v1.1, which stems from improper access control and could lead to unauthorized access to sensitive APIs...

9.8 CVSS | 6.6 AI score | 0.00077 EPSS
Exploits 0 | References 3

NVD
added 2025/06/10 11:15 p.m. | 9 views

CVE-2025-47849

A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not appropriately restricted and...

8.8 CVSS | 0.00224 EPSS
Exploits 0 | References 3

NVD
added 2025/06/10 11:15 p.m. | 8 views

CVE-2025-47713

A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type. This operation is not appropriately restricted and allows the attacker to assume...

8.8 CVSS | 0.00224 EPSS
Exploits 0 | References 3

RedhatCVE
added 2025/05/22 9:12 a.m. | 2 views

CVE-2018-21049

An issue was discovered on Samsung mobile devices with N7.x and O8.X Exynos chipsets software. There is an arbitrary memory write in a Trustlet because a secure driver allows access to sensitive APIs. The Samsung ID is SVE-2018-12881 November 2018...

10 CVSS | 7 AI score | 0.0017 EPSS
Exploits 0 | References 1

Ivanti
added 2023/08/21 2:0 p.m. | 8 views

CVE-2023-38035 – API Authentication Bypass on Sentry Administrator Interface

A vulnerability has been discovered in Ivanti Sentry, formerly known as MobileIron Sentry. This vulnerability impacts versions 9.18 and prior. The vulnerability does not impact other Ivanti products, such as Ivanti EPMM or Ivanti Neurons for MDM. If exploited, this vulnerability enables an...

9.8 CVSS | 9.8 AI score | 0.94419 EPSS
Exploits 6

Positive Technologies
added 2023/08/21 12:0 a.m. | 5 views

PT-2023-4447

Name of the Vulnerable Software and Affected Versions: Ivanti MobileIron Sentry versions 9.18.0 and below Description: A security vulnerability in the MICS Admin Portal of Ivanti MobileIron Sentry may allow an attacker to bypass authentication controls on the administrative interface due to an...

10 CVSS | 10 AI score | 0.94419 EPSS
Exploits 6 | References 111

NVD
added 2020/04/08 6:15 p.m. | 9 views

CVE-2018-21049

An issue was discovered on Samsung mobile devices with N7.x and O8.X Exynos chipsets software. There is an arbitrary memory write in a Trustlet because a secure driver allows access to sensitive APIs. The Samsung ID is SVE-2018-12881 November 2018...

10 CVSS | 9.5 AI score | 0.0017 EPSS
Exploits 0 | References 1

Prion
added 2020/04/08 6:15 p.m. | 14 views

Code injection

An issue was discovered on Samsung mobile devices with N7.x and O8.X Exynos chipsets software. There is an arbitrary memory write in a Trustlet because a secure driver allows access to sensitive APIs. The Samsung ID is SVE-2018-12881 November 2018...

10 CVSS | 9.3 AI score | 0.0017 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2020/04/08 5:37 p.m. | 14 views

CVE-2018-21049

An issue was discovered on Samsung mobile devices with N7.x and O8.X Exynos chipsets software. There is an arbitrary memory write in a Trustlet because a secure driver allows access to sensitive APIs. The Samsung ID is SVE-2018-12881 November 2018...

9.5 AI score | 0.0017 EPSS
Exploits 0 | References 1

Prion
added 2019/02/19 5:29 p.m. | 15 views

Authorization

Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK...

4.3 CVSS | 6.7 AI score | 0.0046 EPSS
Exploits 0 | References 7 | Affected Software 6

Kitploit
added 2013/08/21 12:41 a.m. | 11 views

[Introspy] Monitor app in your iDevice

The Problem: In 2013, assessing the security of iOS applications still involves a lot of manual, time-consuming tasks - especially when performing a black-box assessment. Without access to source code, a comprehensive review of these applications currently requires in-depth knowledge of various API...

7 AI score
Exploits 0 | References 3