epa4all-client: Unauthenticated REST API for Patient Record Writes
Impact: Any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment, e.g. one following the production Docker example in the README, this is exploitable from the local network without...
PT-2026-46857
Impact: Any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment, e.g. one following the production Docker example in the README, this is exploitable from the local network without...
CVE-2026-10611 OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled
An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.requireotp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticat...
CVE-2026-45964
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path. Commit 5940d1cf9f42 ("SUNRPC: Rebalance a kref in auth_gss.c") added a kref_get(&gss_auth->kref) call to balance the gss_put_auth done in gss_release_msg, but forgot to add a...
mitmproxy injection vulnerability
Mitmproxy is an interactive, open-source intercepting proxy that supports SSL/TLS. It comes with a console interface for HTTP/1, HTTP/2, and WebSockets. Versions of Mitmproxy prior to 12.2.1 have a vulnerability due to improper cleanup of usernames during LDAP proxy authentication, which could...
CVE-2026-40259
SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id directly to a model...
CVE-2026-34578
OPNsense prior to 26.1.6 exposes LDAP injection risk in the WebGUI login: the LDAP authentication connector inserts the username directly into the LDAP search filter without escaping. An unauthenticated attacker can inject LDAP metacharacters to enumerate valid LDAP usernames. If the LDAP server ...
SUSE-SU-2026:21078-1 Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-29.1 fixes various security issues. The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). -...
CVE-2026-0966
A flaw was found in libssh. The API function ssh_get_hexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is se...
PT-2026-26053
🟠 CVE-2025-41258 - High LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API. https://t.co/MJXOI2sVrJ https://t.co/WsKiIkw0M2...
Cisco Catalyst SD-WAN Manager security vulnerability
Cisco Catalyst SD-WAN Manager is a highly customizable dashboard provided by Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. There is a security vulnerability present in Cisco Catalyst SD-WAN Manager, which stems from insufficient user...
CVE-2023-53690
Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views th...
UBUNTU-CVE-2025-62399
Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks...
Security update for kernel-livepatch-MICRO-6-0-RT_Update_2
This update for kernel-livepatch-MICRO-6-0-RT_Update_2 fixes the following issues: CVE-2024-50154: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink() (bsc#1233072). CVE-2025-21692: net: sched: fix ets qdisc OOB indexing (bsc#1237048). CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1240744)...
EUVD-2021-21638
Malware in sbrugna...
EUVD-2017-7927
Malware in sbrugna...
EUVD-2013-1281
Malware in sbrugna...
EUVD-2009-2858
Malware in sbrugna...
EUVD-2019-10477
Malware in sbrugna...
EUVD-2009-5122
Malware in sbrugna...