
111 matches found

CNNVD
added 2026/05/11 12:0 a.m. | 8 views

@workos/authkit-session input validation error vulnerability

@workos/authkit-session is an open-source session authentication and token management tool developed by WorkOS. Versions of @workos/authkit-session prior to 0.5.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation of the...

CVSS 4.3 | AI score 5.7 | EPSS 0.00196
Exploits 0 | References 2

ATTACKERKB
added 2026/04/18 12:7 a.m. | 4 views

CVE-2026-40350

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints /settings/users and use them to enumerate all users and create a new administrator account. This happens because the route...

CVSS 8.8 | AI score 5.7 | EPSS 0.00441
Exploits 1 | References 5 | Affected Software 1

Vulnrichment
added 2026/03/18 11:8 a.m. | 6 views

CVE-2025-41258 LibreChat RAG API Authentication Bypass

LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API...

CVSS 8 | AI score 5.8 | EPSS 0.00344
Exploits 1 | References 2

Cvelist
added 2026/03/10 5:27 p.m. | 28 views

CVE-2026-30969 Coral Server has insufficient agent authentication in session communication channels

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who...

CVSS 7.6 | EPSS 0.00381
Exploits 0 | References 2

OSV
added 2026/03/10 5:27 p.m. | 3 views

CVE-2026-30969 Coral Server has insufficient agent authentication in session communication channels

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who...

CVSS 7.6 | AI score 5.8 | EPSS 0.00381
Exploits 0 | References 4

CNNVD
added 2026/02/06 12:0 a.m. | 4 views

Red Hat Ansible Automation Platform 2 security vulnerability

Red Hat Ansible Automation Platform 2 is software developed by Red Hat Inc. It is used for building, deploying, and managing automation processes. There is a security vulnerability in Red Hat Ansible Automation Platform 2. This vulnerability stems from the dialogue endpoints that handle AI chat...

CVSS 4.2 | AI score 5.8 | EPSS 0.00222
Exploits 0 | References 2

NVD
added 2026/02/02 4:15 a.m. | 7 views

CVE-2026-1740

A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpconchecksessionurl of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has...

CVSS 9.8 | EPSS 0.00478
Exploits 0 | References 4

RedhatCVE
added 2026/01/09 11:27 a.m. | 7 views

CVE-2021-33330

Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pack 9, allows access to Cross-origin resource sharing (CORS) protected resources if the user is only authenticated using the portal session authentication, which allows remote attackers to obtain sensitive information including the...

CVSS 4.3 | AI score 6.4 | EPSS 0.01122
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 9:52 a.m. | 4 views

CVE-2020-10971

An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session...

CVSS 9.3 | AI score 7.1 | EPSS 0.02662
Exploits 0 | References 1

CNNVD
added 2025/11/25 12:0 a.m. | 2 views

Primakon Pi Portal security vulnerability

Primakon Pi Portal is a project, contract management platform from Primakon Croatia. A security vulnerability exists in Primakon Pi Portal version 1.0.18, which stems from a lack of session authentication in the /api/V2/ppusers?email endpoint, which could lead to elevated privileges...

CVSS 8.8 | AI score 6.9 | EPSS 0.00246
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-0909

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.01275
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-17856

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.01695
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-27068

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.01113
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2016-9551

Malware in sbrugna...

CVSS 8.1 | AI score 6.2 | EPSS 0.01353
Exploits 2 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-1350

Malware in sbrugna...

CVSS 4.9 | AI score 5.6 | EPSS 0.01353
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2016-0894

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.00883
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2021-32629

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.01483
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2025-22261

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.4 | EPSS 0.00403
Exploits 0 | References 3

SUSE Linux
added 2025/08/14 1:3 p.m. | 3 views

Security update for pgadmin4

This update for pgadmin4 fixes the following issues: CVE-2025-27152: Fixed SSRF and credential leakage due to requests sent to absolute URL even when baseURL is set (bsc1239308). CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session if two users...

CVSS 8.7 | AI score 7.1 | EPSS 0.01471
Exploits 2 | References 12

NVD
added 2025/07/21 9:15 p.m. | 5 views

CVE-2025-54127

HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authenticati...

CVSS 9.8 | EPSS 0.00403
Exploits 0 | References 1