CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

Vulnrichment•added 2026/04/02 6:50 p.m.•1 views

CVE-2026-34759 OneUptime: Unauthenticated notification API endpoints - financial abuse via phone number purchase, service disruption, and SMTP credential exposure

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoints in the same codebase correctly use ClusterKeyAuthorization.isAuthorizedServiceMiddleware. Thes...

9.2CVSS5.8AI score0.00372EPSS

Exploits1References3

NVD•added 2021/12/21 5:15 p.m.•12 views

CVE-2021-44877

Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. A broken access control vulnerability ha...

7.5CVSS0.00544EPSS

Exploits0References1

Prion•added 2021/12/21 5:15 p.m.•18 views

Improper access control

5CVSS7.4AI score0.00544EPSS

Exploits0References1Affected Software1

NVD•added 2021/07/14 3:15 p.m.•16 views

CVE-2021-22781

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

5.5CVSS0.00052EPSS

Exploits0References1

Prion•added 2021/07/14 3:15 p.m.•23 views

Design/Logic Flaw

2.1CVSS6.3AI score0.00052EPSS

Exploits0References1Affected Software1