Lucene search

12 matches found

GithubExploit
added 2026/04/09 11:9 a.m. | 169 views

Exploit for Improper Input Validation in N8N

CVE-2026-21858 + CVE-2025-68613 - n8n Full Chain Unauthenti...

10 CVSS | 7.6 AI score | 0.63045 EPSS
Exploits: 38

CNNVD
added 2026/04/08 12:0 a.m. | 2 views

InvenTree Security Vulnerability

InvenTree is an open-source inventory management system developed by InvenTree. It provides robust low-level inventory control and parts tracking capabilities. Versions of InvenTree from 0.16.0 to 1.2.7 contained security vulnerabilities. These vulnerabilities allowed any authenticated user to...

8.3 CVSS | 5.8 AI score | 0.00049 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/04/07 6:19 a.m. | 23 views

CVE-2026-1114 Improper Access Control via Weak JWT Token in parisneo/lollms

In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens (JWT). This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret key. Once the...

9.8 CVSS | 0.00027 EPSS
Exploits: 1 | References: 2

GithubExploit
added 2026/02/24 5:4 a.m. | 414 views

Exploit for Improper Input Validation in N8N

CVE-2026-21858 + CVE-2025-68613 - n8n Full Chain Unauthenti...

10 CVSS | 9.2 AI score | 0.63045 EPSS
Exploits: 38

Vulnrichment
added 2026/02/03 12:0 a.m. | 2 views

CVE-2025-69971

FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...

5.5 AI score | 0.04529 EPSS
Exploits: 0 | References: 1

GithubExploit
added 2026/01/30 10:38 p.m. | 176 views

Exploit for Improper Input Validation in N8N

CVE-2026-21858 + CVE-2025-68613 - n8n Full Chain Unauthenti...

10 CVSS | 6 AI score | 0.63045 EPSS
Exploits: 38

Packet Storm
added 2026/01/30 12:0 a.m. | 253 views

n8n 2.0.0-rc.4 Remote Command Execution

n8n version 2.0.0-rc.4 PHP port of a research exploit that chains together multiple vulnerabilities including arbitrary file read and sandbox escape in order to achieve remote command execution...

10 CVSS | 6 AI score | 0.63045 EPSS
Exploits: 37

GithubExploit
added 2026/01/07 7:32 p.m. | 235 views

Exploit for CVE-2026-21858

CVE-2026-21858 + CVE-2025-68613 - n8n Full Chain Unauthenti...

9.9 CVSS | 8.4 AI score | 0.63045 EPSS
Exploits: 37

OSV
added 2025/06/03 8:33 p.m. | 5 views

CVE-2025-49001 Dataease Authentication Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available...

8.7 CVSS | 6.8 AI score | 0.07369 EPSS
Exploits: 0 | References: 3

OSV
added 2023/11/14 11:15 a.m. | 1 views

CVE-2023-46096

A vulnerability has been identified in SIMATIC PCS neo All versions V4.1. The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents...

6.5 CVSS | 5.8 AI score
Exploits: 0 | References: 1

CVE
added 2023/01/04 3:4 p.m. | 92 views

CVE-2023-22463

KubePi (Kubernetes panel)

9.8 CVSS | 9.5 AI score | 0.91521 EPSS
In wild | Exploits: 1 | References: 4 | Affected Software: 1

ATTACKERKB
added 2018/01/04 6:29 a.m. | 3 views

CVE-2018-0114

A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs)...

7.5 CVSS | 5.8 AI score | 0.84691 EPSS
Exploits: 6 | References: 6