12 matches found
CVE-2026-41273
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to obtain OAuth 2.0 access tokens associated with a public chatflow. By accessing a public...
CVE-2025-64706 Typebot IDOR Vulnerability: Unauthorized API Token Deletion and Exposure
Typebot is an open-source chatbot builder. In version 3.9.0 up to but excluding version 3.13.0, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API token management endpoint. An authenticated attacker can delete any user's API token and retrieve its value by simply knowing th...
EUVD-2022-4027
Malicious code in bioql PyPI...
Apex Softcell LD Geo Security Vulnerability
Apex Softcell LD Geo is an application from Apex Softcell. Apex Softcell LD Geo has a security vulnerability that stems from improper validation of transaction token IDs in the API endpoint...
UBUNTU-CVE-2021-36398
In Moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk...
Zend Framework CSRF Vulnerability
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers...
GHSA-GWWQ-54QP-9PGP Zend Framework CSRF Vulnerability
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers...
pki-core: stored Cross-site scripting (XSS) in the pki-tps web Activity tab
It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would...
CVE-2020-26415
creationtimestamp | type | source
---|---|---
2020-12-11 07:35:24+00:00 | seen | https://t.me/cibsecurity/19785
2020-12-11 07:38:23+00:00 | seen | https://t.me/cibsecurity/19805
2020-12-11 08:25:42+00:00 | seen | https://t.me/cibsecurity/19825
2020-12-11 09:25:37+00:00 | seen | https://t.me/cibsecurity/198...
CVE-2015-1786
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers...
CVE-2015-1786
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers...
Invalid CSRF validation of null or incorrectly formatted token identifiers
More info at https://framework.zend.com/security/advisory/ZF2015-03...