CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

225 matches found

CVE-2026-56234

Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validatepasswordcompliance endpoint that is callable using only the public Supabase key without authentication. The endpoint is CORS-permissive with wildcard origin allowance and lacks rate...

6.9CVSS

Exploits0References2

EUVD•added yesterday•6 views

EUVD-2026-38429

6.9CVSS5.9AI score

Exploits0References2

Cvelist•added yesterday•22 views

CVE-2026-56234 Capgo - Password Spraying via Public-Key Accessible Credential Validation Endpoint

6.9CVSS

Exploits0References2

The Hacker News•added 2026/04/21 11:30 a.m.•7 views

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn't changed: stolen credentials. Identity-based attacks remain a dominant...

5.6AI score

Exploits0

The Hacker News•added 2026/04/06 6:37 p.m.•6 views

Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations

An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East. The activity, assessed to be ongoing, was carried out in three distinct attack waves that took place on March 3...

6.2AI score

Exploits0

GithubExploit•added 2026/03/23 6:52 p.m.•129 views

Classic-Heap-Attacks-POCs-Windows-10

Pruebas de concepto contra el heap de Windows En este reposit...

5.7AI score

Exploits0

Malwarebytes•added 2026/02/13 1:27 p.m.•7 views

How to find and remove credential-stealing Chrome extensions

Researchers have found yet another family of malicious extensions in the Chrome Web Store. This time, 30 different Chrome extensions were found stealing credentials from more than 260,000 users. The extensions rendered a full-screen iframe pointing to a remote domain. This iframe overlaid the...

5.8AI score

Exploits0

Packet Storm News•added 2026/02/09 12:0 a.m.•5 views

Reverse Online Guessing Attacks on PAKE Protocols

Though not yet widely deployed, password-authenticated key exchange PAKE protocols have been the subject of several recent standardization efforts, partly because of their resistance against various guessing attacks, but also because they do not require a public-key infrastructure PKI, making the...

5.6AI score

Exploits0

GithubExploit•added 2025/11/25 11:42 a.m.•317 views

Exploit for Use of Uninitialized Resource in Microsoft

Proof-of-Concept exploit for the Untrusted Pointer Dereferenc...

9.8CVSS8.1AI score0.03536EPSS

Exploits6

GithubExploit•added 2025/11/23 11:9 a.m.•239 views

Exploit for Use of Uninitialized Resource in Microsoft

Proof-of-Concept exploit for the Untrusted Pointer Dereferenc...

9.8CVSS8.1AI score0.03536EPSS

Exploits6

Vulnrichment•added 2025/11/12 5:41 p.m.•4 views

CVE-2025-25236

Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious actor may be able to enumerate sensitive information such as tenant ID and user accounts that could facilitate brute-force, password-spraying or credential-stuffing attacks...

5.3CVSS6.1AI score0.00213EPSS

Exploits0References2

Veracode•added 2025/10/14 7:19 a.m.•5 views

Brute-Force Attack

ethycafides is vulnerable to brute-force attack. The vulnerability is due to the absence of specific anti-automation controls on the Admin UI login endpoint, which allows an attacker to perform credential testing attacks such as credential stuffing or password spraying to gain unauthorized access...

6.5CVSS7.3AI score0.00277EPSS

Exploits0References5Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-48713