CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

63 matches found

CVE-2026-36611

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory to unauthenticated adjacent network attackers...

0.00037EPSS

Exploits0References1

EUVD•added 2 days ago•4 views

EUVD-2026-34150

7.3CVSS5.9AI score0.00037EPSS

Exploits0References1

UbuntuCve•added 2026/04/17 10:16 p.m.•1 views

CVE-2026-5720

miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting...

9.1CVSS5.8AI score0.00054EPSS

Exploits0References1

OSV•added 2026/04/17 10:16 p.m.•2 views

UBUNTU-CVE-2026-5720

9.1CVSS5.8AI score0.00054EPSS

Exploits0References2

Cvelist•added 2026/04/17 9:39 p.m.•16 views

CVE-2026-5720 miniupnpd Integer Underflow SOAPAction Header Parsing

7.1CVSS0.00054EPSS

Exploits0References3

CNNVD•added 2026/04/17 12:0 a.m.•7 views

MiniUPnP 安全漏洞

MiniUPnP is a set of UPnP tools developed by the Miniupnp project, which can be used in embedded systems. These tools enable devices in home and corporate networks to connect with each other. MiniUPnP has a security vulnerability, stemming from integer underflow in the parsing of SOAPAction...

9.1CVSS5.8AI score0.00054EPSS

Exploits0References1

Positive Technologies•added 2026/04/17 12:0 a.m.•3 views

PT-2026-33521

7.1CVSS5.8AI score0.00054EPSS

Exploits0References5

RedhatCVE•added 2025/12/03 2:2 p.m.•3 views

CVE-2025-41014

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in...

7.5CVSS6.8AI score0.00082EPSS

Exploits0References1

RedhatCVE•added 2025/12/03 2:2 p.m.•2 views

CVE-2025-41015

7.5CVSS6.8AI score0.00082EPSS

Exploits0References1

RedhatCVE•added 2025/12/03 2:2 p.m.•2 views

CVE-2025-41012

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...

8.7CVSS6.9AI score0.00089EPSS

Exploits0References1

EUVD•added 2025/12/02 3:30 p.m.•3 views

EUVD-2025-200225

8.7CVSS6.4AI score0.00089EPSS

Exploits0References2

EUVD•added 2025/12/02 3:30 p.m.•2 views

EUVD-2025-200246

6.9CVSS6.3AI score0.00082EPSS

Exploits0References2

OSV•added 2025/12/02 2:16 p.m.•1 views

CVE-2025-41014

7.5CVSS5.8AI score0.00082EPSS

Exploits0References1

Vulnrichment•added 2025/12/02 1:18 p.m.•3 views

CVE-2025-41015 User Enumeration vulnerability in TCMAN GIM

6.9CVSS6.4AI score0.00082EPSS

Exploits0References1

Cvelist•added 2025/12/02 1:18 p.m.•4 views

CVE-2025-41015 User Enumeration vulnerability in TCMAN GIM

6.9CVSS0.00082EPSS

Exploits0References1

CVE•added 2025/12/02 1:18 p.m.•5 views

CVE-2025-41015

CVE-2025-41015 affects TCMAN GIM v11 (build 20250304). Affected component: the web service at /WS/PDAWebService.asmx, exposed via the SOAP action GetUserQuestionAndAnswer in the pda:username parameter. Root cause: unauthenticated user enumeration through the parameter, enabling an attacker to det...

7.5CVSS6.5AI score0.00082EPSS

Exploits0References1Affected Software1

OSV•added 2025/12/02 1:15 p.m.•1 views

CVE-2025-41012

5.3CVSS5.8AI score0.00089EPSS

Exploits0References1

CVE•added 2025/12/02 1:12 p.m.•7 views

CVE-2025-41012

The CVE-2025-41012 entry describes an unauthorized-access vulnerability in TCMAN GIM v11 (build 20250304) where an unauthenticated attacker can determine if a user exists on the system by sending requests to the PDAWebService ( /WS/PDAWebService.asmx ) using the parameters pda:userId and pda:newP...

8.7CVSS6.5AI score0.00089EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2025/12/02 12:0 a.m.•2 views

PT-2025-48680

Name of the Vulnerable Software and Affected Versions TCMAN GIM version 20250304 Description An unauthenticated attacker can determine if a user exists on the system. This is achieved by utilizing the pda:userId and pda:newPassword parameters with the 'soapaction UnlockUser’ within the...

8.7CVSS6.7AI score0.00089EPSS

Exploits0References3

RedhatCVE•added 2025/11/20 12:21 a.m.•3 views

CVE-2025-63932

D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not filter the HTTP SOAPAction header field. The unauthenticated remote attacker can execute the shell command...

7.3CVSS8.5AI score0.00579EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by