CVE-2026-41056
WWBN AVideo (versions 29.0 and below) is affected by a cross-origin vulnerability where allowOrigin($allowAll=true) reflects arbitrary Origin headers in Access-Control-Allow-Origin together with Access-Control-Allow-Credentials: true. The reflection occurs in objects/functions.php and is invoked ...
Firecrawl code issue vulnerability
Firecrawl is an open-source AI web crawler tool developed by Mendable.ai. Versions of Firecrawl 2.8.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a flaw in the Playwright crawling service, where server-side request forgery protection was bypassed, potentially...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization via sensitive API endpoints. Low-privileged users can bypass authorization checks to access /api/users, /api/oauth, /api/notifier/amazonsns, and /api/settings/export. Remediation: There is no fixed version for...
GHSA-R5M2-FQCF-QRF7 FUXA contains an insecure default configuration vulnerability
FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...
PT-2026-6471
FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...
CVE-2026-0976
Keycloak contains an improper input validation vulnerability (CVE-2026-0976) where RFC-compliant matrix parameters in URL path segments can be processed in ways that bypass reverse-proxy path filtering, potentially exposing administrative or sensitive endpoints. Affected component commonly cited ...
PT-2026-2984
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw exists in Keycloak related to improper input validation. The software accepts RFC-compliant matrix parameters within URL path segments, which may be ignored or mishandled by common...
Unauthenticated Information Disclosure
signalk-server is vulnerable to unauthenticated information disclosure. The vulnerability is due to missing authentication checks on sensitive endpoints, which allows an attacker to retrieve internal system details such as the full SignalK data schema, connected serial devices, and installed...
Cross-site Request Forgery
Jenkins Nexus Task Runner Plugin is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to missing CSRF protection on sensitive plugin endpoints, where crafted requests can trigger actions without user interaction, allowing attackers to force an authenticated Jenkins user to...
EUVD-2025-131904
Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW v1.14.92-20241120, ASECAM v1.14.10-20240725 allows attackers to access sensitive API endpoints without authentication...
CVE-2025-63667
Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW v1.14.92-20241120, ASECAM v1.14.10-20240725 allows attackers to access sensitive API endpoints without authentication...
EUVD-2025-35608
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to modify the steps of another user's private checklist...
CVE-2025-22177
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view other team overviews...
CVE-2025-22178
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view items on the "Why" page...
CVE-2025-58585
Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering...
EUVD-2025-32510
Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering...
EUVD-2025-4488
Malicious code in bioql PyPI...
EUVD-2024-17384
Malicious code in bioql PyPI...
EUVD-2024-52849
Malicious code in bioql PyPI...
EUVD-2025-6895
Malicious code in bioql PyPI...