
24 matches found

EUVD
added 2026/03/06 3:31 p.m. | 1 view

EUVD-2026-10039

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...

CVSS 7.5 | AI score 5.9 | EPSS 0.00057
Exploits: 0 | References: 2

NVD
added 2026/03/06 3:16 p.m. | 4 views

CVE-2026-2754

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...

CVSS 7.5 | EPSS 0.00057
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/06 3:5 p.m. | 2 views

CVE-2026-2754

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...

CVSS 7.5 | AI score 5.9 | EPSS 0.00057
Exploits: 0 | References: 2

Cvelist
added 2026/03/06 3:5 p.m. | 26 views

CVE-2026-2754

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...

CVSS 7.5 | EPSS 0.00057
Exploits: 0 | References: 2

CVE
added 2026/03/06 3:5 p.m. | 22 views

CVE-2026-2754

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker can retrieve internal network parameters, including ECDIS & OT information, device identifiers, and service status logs by issuing HTTP GET re...

CVSS 7.5 | AI score 5.9 | EPSS 0.00057
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/03/06 3:5 p.m. | 3 views

CVE-2026-2754

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...

CVSS 7.5 | AI score 5.9 | EPSS 0.00057
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/03/06 12:0 a.m. | 4 views

PT-2026-23718

Name of the Vulnerable Software and Affected Versions: Navtor NavBox (affected versions not specified). Description: The software exposes sensitive configuration and operational data because of a lack of authentication on HTTP API endpoints. A remote attacker with network access can send HTTP GET...

CVSS 7.5 | AI score 5.6 | EPSS 0.00057
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-10551

Malicious code in bioql PyPI...

CVSS 4.7 | AI score 6.4 | EPSS 0.00131
Exploits: 0 | References: 3

NVD
added 2025/08/12 5:15 p.m. | 1 view

CVE-2025-24520

Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2514.7.16.0 may allow an authenticated user to potentially enable information disclosure via local access...

CVSS 4.8 | EPSS 0.00074
Exploits: 0 | References: 1

NVD
added 2025/07/15 3:15 p.m. | 5 views

CVE-2025-48795

Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory...

CVSS 5.6 | EPSS 0.0031
Exploits: 0 | References: 2

RedhatCVE
added 2025/04/11 4:3 p.m. | 13 views

CVE-2025-32016

Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...

CVSS 4.7 | AI score 6.5 | EPSS 0.00131
Exploits: 0 | References: 1

Github Security Blog
added 2025/04/09 6:58 p.m. | 13 views

Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs

Impact What kind of vulnerability is it? Who is impacted? Description: This vulnerability affects confidential client applications, including daemons, web apps, and web APIs. Under specific circumstances, sensitive information such as client secrets or certificate details may be exposed in the...

CVSS 4.7 | AI score 6.6 | EPSS 0.00131
Exploits: 0 | References: 3 | Affected Software: 2

OSV
added 2025/04/09 6:58 p.m. | 3 views

GHSA-RPQ8-Q44M-2RPG Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs

Impact What kind of vulnerability is it? Who is impacted? Description: This vulnerability affects confidential client applications, including daemons, web apps, and web APIs. Under specific circumstances, sensitive information such as client secrets or certificate details may be exposed in the...

CVSS 4.7 | AI score 6.9 | EPSS 0.00131
Exploits: 0 | References: 3

NVD
added 2025/04/09 4:15 p.m. | 8 views

CVE-2025-32016

Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...

CVSS 4.7 | EPSS 0.00131
Exploits: 0 | References: 1

Cvelist
added 2025/04/09 3:48 p.m. | 13 views

CVE-2025-32016 Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs

Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...

CVSS 4.7 | EPSS 0.00131
Exploits: 0 | References: 1

Vulnrichment
added 2025/04/09 3:48 p.m. | 7 views

CVE-2025-32016 Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs

Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...

CVSS 4.7 | AI score 6.5 | EPSS 0.00131
Exploits: 0 | References: 1

CVE
added 2025/04/09 3:48 p.m. | 67 views

CVE-2025-32016

This CVE affects Microsoft Identity Web (and related Microsoft.Identity.Abstractions) used with ASP.NET Core for Azure AD v2.0 / AAD B2C integrations. Under certain conditions, service logs can expose sensitive credentials, including local file paths with passwords, Base64-encoded values, and Cli...

CVSS 4.7 | AI score 4.7 | EPSS 0.00131
Exploits: 0 | References: 1

OSV
added 2025/04/09 3:48 p.m. | 5 views

CVE-2025-32016 Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs

Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...

CVSS 4.7 | AI score 6.5 | EPSS 0.00131
Exploits: 0 | References: 3

CNNVD
added 2025/04/09 12:0 a.m. | 2 views

Microsoft Identity Web log information disclosure vulnerability

Microsoft Identity Web is an Azure Active Directory open source to help create protected web applications and web APIs using the Microsoft Identity Platform and Azure AD B2C. A log information disclosure vulnerability exists in Microsoft Identity Web, which stems from the fact that sensitive...

CVSS 4.7 | AI score 5.8 | EPSS 0.00131
Exploits: 0 | References: 1

Positive Technologies
added 2025/04/09 12:0 a.m. | 5 views

PT-2025-15702 · Microsoft · Microsoft.Identity.Abstractions +1

Name of the Vulnerable Software and Affected Versions: Microsoft Identity Web versions prior to 3.8.2 Microsoft Identity Web versions prior to 3.8.2 is equivalent to Microsoft.Identity.Abstractions versions prior to 9.0.0, however the correct representation is: Microsoft Identity Web versions pri...

CVSS 4.7 | AI score 6 | EPSS 0.00131
Exploits: 0 | References: 9