CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

309 matches found

Apache Superset - Authentication Bypass

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRETKEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...

9.8CVSS7.4AI score0.97405EPSS

Exploits20References5

NVD•added 2026/06/13 6:16 p.m.•13 views

CVE-2026-12183

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability CWE-287 in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 administrator in response to any HTTP POST request that supplie...

9.8CVSS0.00548EPSS

Exploits0References4

CNNVD•added 2026/06/05 12:0 a.m.•6 views

Termix 安全漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from improper validation of the sessionId parameter by the file manager’s functionality. The identifier controlle...

9CVSS5.4AI score0.00387EPSS

Exploits1References1

RedhatCVE•added 2026/05/13 8:23 p.m.•8 views

CVE-2026-5146

Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing session validation. This issue affects the following versions : Devolutions Server 2026.1.6.0 through...

4.3CVSS5.9AI score0.00162EPSS

Exploits0References1

NVD•added 2026/05/12 6:17 p.m.•14 views

CVE-2026-5146

4.3CVSS0.00162EPSS

Exploits0References1

Cvelist•added 2026/05/12 5:28 p.m.•31 views

CVE-2026-5146

0.00162EPSS

Exploits0References1

Vulnrichment•added 2026/05/12 5:28 p.m.•5 views

CVE-2026-5146

5.9AI score0.00162EPSS

Exploits0References1

Positive Technologies•added 2026/05/12 12:0 a.m.•10 views

PT-2026-40335

5.9AI score0.00162EPSS

Exploits0References2

Github Security Blog•added 2026/05/11 2:2 p.m.•11 views

Open WebUI has a CORS misconfiguration and session validation issue

GitHub Security Lab GHSL Vulnerability Report, open-webui: GHSL-2024-174, GHSL-2024-175 The GitHub Security Lab team has identified potential security vulnerabilities in open-webui. We are committed to working with you to help resolve these issues. In this report you will find everything you need...

6.6AI score

Exploits0References2Affected Software1

OSV•added 2026/05/11 2:2 p.m.•5 views

GHSA-6XCP-7MPR-M7WM Open WebUI has a CORS misconfiguration and session validation issue

8.3CVSS6.6AI score

Exploits0References2

EUVD•added 2026/04/29 7:24 p.m.•3 views

EUVD-2018-21838

Tenda W3002R/A302/W309R wireless routers version V5.07.64en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted...

9.8CVSS5.3AI score0.00651EPSS

Exploits1References2

Packet Storm News•added 2026/04/27 12:0 a.m.•11 views

Selenium Grid 4.11.0 Selenoid Backend Detection and Safe Session Validation Inspector

The provided Python script is a non-exploit reconnaissance and validation tool designed to identify Selenium Grid or Selenoid deployments exposed via HTTP APIs...

5.2AI score

Exploits0

GithubExploit•added 2026/04/23 8:29 a.m.•87 views

Automated-CSRF-PoC-Generator

Description: A specialized Python script designed to automate th...

5.8AI score

Exploits0

RedhatCVE•added 2026/04/02 4:56 p.m.•3 views

CVE-2026-34072

CrnMaster cronmaster is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authentication bypass in middleware allows unauthenticated requests with an invalid session cookie to be treated as authenticated when the middleware’s...

8.3CVSS5.9AI score0.00443EPSS

Exploits0References1

NVD•added 2026/04/01 6:16 p.m.•8 views

CVE-2026-34072

9.8CVSS0.00443EPSS

Exploits0References2

RedhatCVE•added 2026/03/26 3:18 p.m.•3 views

CVE-2026-30702

The WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 implements a broken authentication mechanism in its web management interface. The login page does not properly enforce session validation, allowing attackers to bypass authentication by directly accessing restricted web application endpoint...

9.8CVSS5.8AI score0.00369EPSS

Exploits0References1

Github Security Blog•added 2026/03/21 3:31 a.m.•7 views

Duplicate Advisory: OpenClaw's Signal reaction-only status events could, in limited cases, be enqueued before access checks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-792q-qw95-f446. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.25 contain an access control vulnerability in signal reaction notification handling...

6.3CVSS5.7AI score0.0021EPSS

Exploits0References5Affected Software1

NVD•added 2026/03/18 6:16 p.m.•3 views

CVE-2026-30702

9.8CVSS0.00369EPSS

Exploits0References2

Vulnrichment•added 2026/03/13 9:20 p.m.•3 views

CVE-2026-32713 PX4 Autopilot MAVLink FTP Session Validation Logic Error Allows Operations on Invalid File Descriptors

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect boolean logic && instead of ||, allowing BurstReadFile and WriteFile operations to proceed with invalid sessions or closed file descriptors...

4.3CVSS5.8AI score0.00387EPSS

Exploits1References1

Cvelist•added 2026/03/13 9:20 p.m.•32 views

CVE-2026-32713 PX4 Autopilot MAVLink FTP Session Validation Logic Error Allows Operations on Invalid File Descriptors

4.3CVSS0.00387EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by