CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/21 6:16 p.m.•9 views

CVE-2026-48247

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests for general-purpose outbound HTTPS requests issued by the shared helper functions. An...

8.2CVSS0.00022EPSS

CVE•added 2026/05/21 5:11 p.m.•12 views

CVE-2026-48249

Open ISES Tickets

EUVD•added 2026/05/21 5:11 p.m.•6 views

EUVD-2026-31329

Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobilelogin.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests for outbound HTTPS requests issued during the mobile RouteMate login flow. An...

EUVD•added 2026/05/21 5:11 p.m.•7 views

EUVD-2026-31330

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests for outbound HTTPS requests issued during the login/authentication flow. An attacker...

8.2CVSS5.9AI score0.00033EPSS

Vulnrichment•added 2026/05/21 5:11 p.m.•8 views

CVE-2026-48247 Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/functions.inc.php

EUVD•added 2026/05/21 5:11 p.m.•8 views

EUVD-2026-31326

ATTACKERKB•added 2026/05/21 5:11 p.m.•6 views

CVE-2026-48247

Positive Technologies•added 2026/05/21 12:0 a.m.•7 views

Exploits0References4

PT-2026-42526

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT SSL VERIFYPEER to false and not setting CURLOPT SSL VERIFYHOST when issuing outbound HTTPS requests for outbound HTTPS requests issued during the login/authentication flow. An attacker...

8.2CVSS5.9AI score0.00033EPSS

Exploits0References4

OSV•added 2026/05/20 4:18 a.m.•5 views

MAL-2026-4568 Malicious code in fulcrum-sessions (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3971399e0fb1bd6c61f5306557512ed22dc0605747526b600b08626a50eb31e src/config.js hardcodes a live Telegram bot token bot id 8656735452 and a default groupId -1003974755050 pointing at a chat owned by the package...

5.8AI score

Exploits0References2

NVD•added 2026/05/14 5:16 p.m.•8 views

CVE-2026-20209

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user. This vulnerability exists because sensitive...

5.4CVSS0.00033EPSS

Exploits0References2

CNNVD•added 2026/05/14 12:0 a.m.•7 views

Cisco Catalyst SD-WAN Manager（Cisco SD-WAN vManage）安全漏洞

Cisco Catalyst SD-WAN Manager Cisco SD-WAN vManage is a highly customizable dashboard provided by the American company Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. There is a security vulnerability present in Cisco Catalyst SD-WAN...

5.4CVSS5.8AI score0.00033EPSS

Positive Technologies•added 2026/05/14 12:0 a.m.•7 views

PT-2026-41015

Foscam VD1 Video Doorbell before V5.3.13 1072 is vulnerable to Cleartext Transmission of Sensitive Information. The device transmits sensitive Session Description Protocol SDP, including ICE credentials and candidates, in cleartext over network interfaces. An attacker with network visibility can...

5.9AI score0.00015EPSS

Exploits0References2

NVD•added 2026/05/13 10:16 p.m.•7 views

CVE-2026-44423

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated fla...

6.5CVSS0.00033EPSS

Exploits1References1

Cvelist•added 2026/05/13 9:7 p.m.•29 views

CVE-2026-44423 ShellHub: Cross-tenant IDOR in `GET /api/sessions/:uid` discloses SSH session data

6.5CVSS0.00033EPSS

Exploits1References1

Vulnrichment•added 2026/05/13 9:7 p.m.•4 views

CVE-2026-44423 ShellHub: Cross-tenant IDOR in `GET /api/sessions/:uid` discloses SSH session data

6.5CVSS5.9AI score0.00033EPSS

Exploits1References1

CVE•added 2026/05/13 9:7 p.m.•6 views

CVE-2026-44423

CVE-2026-44423 describes a cross-tenant IDOR in ShellHub: before 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, exposing SSH session data (username, device UID, remote IP, terminal, timestamps) without tenant scoping. Root cause: GetSession resolves b...

6.5CVSS5.9AI score0.00033EPSS

Exploits1References1Affected Software1

NVD•added 2026/05/13 8:16 p.m.•5 views

CVE-2026-44364

MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerabili...

9.3CVSS0.00008EPSS

CVE•added 2026/05/13 7:15 p.m.•13 views

CVE-2026-44364

The CVE affects the MISP-modules component in MISP modules’ home blueprint prior to 3.0.7, where CSRF protection was disabled, allowing an authenticated user to trigger unintended requests and potentially modify session query data. The issue was fixed by enabling CSRF protection for the affected ...

9.3CVSS5.8AI score0.00008EPSS

Vulnrichment•added 2026/05/13 7:15 p.m.•3 views

CVE-2026-44364 misp-modules website - Missing CSRF protection in the website home blueprint

9.3CVSS5.8AI score0.00008EPSS