CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

494 matches found

TOTOLINK/Realtek Routers - CAPTCHA Bypass

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via a POST request to the boafrm/formLogin URI with the JSON payload "topicurl":"setting/getSanvas". This allows an unauthenticated attacker to bypass CAPTCHA verification, gaining unauthorized access to restricted...

9.8CVSS7.8AI score0.18564EPSS

Exploits3References2

RedhatCVE•added 2 days ago•5 views

CVE-2026-49077

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue affects WP eMember: from n/a through v10.2.2...

5.3CVSS5.5AI score0.00028EPSS

Exploits0References1

RedhatCVE•added 2 days ago•4 views

CVE-2026-5768

The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities,...

8.8CVSS5.5AI score0.00035EPSS

Exploits0References1

ATTACKERKB•added 3 days ago•4 views

CVE-2026-49077

5.3CVSS5.8AI score0.00028EPSS

Exploits0References2

EUVD•added 3 days ago•5 views

EUVD-2026-34241

5.3CVSS5.8AI score0.00028EPSS

Exploits0References1

Snyk•added 2026/05/29 10:29 p.m.•5 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the direct-prompt CLI. An attacker can access sensitive local...

6.9CVSS5.5AI score

Exploits0References2

Positive Technologies•added 2026/05/29 12:0 a.m.•9 views

PT-2026-44968

Name of the Vulnerable Software and Affected Versions Frontier X2 affected versions not specified Frontier X mobile application affected versions not specified Description The Frontier X2 device permits unauthenticated Bluetooth Low Energy BLE read and write access to critical Generic Attribute...

8.8CVSS5.8AI score0.00035EPSS

Exploits0References8

ATTACKERKB•added 2026/05/28 4:47 p.m.•6 views

CVE-2026-34126

TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. Bluetooth is only used during initialization. An attacker within the Bluetooth rang...

7.3CVSS5.8AI score0.00006EPSS

Exploits0References7

CNNVD•added 2026/05/28 12:0 a.m.•10 views

TP-Link多款产品安全漏洞

TP-Link Tapo L535E are products of the TP-Link company from China. The TP-Link Tapo L535E is a smart color-adjustable LED bulb. The TP-Link Tapo P300 is a smart Wi-Fi multi-port plug-in device. The TP-Link Tapo D100C is a smart video doorbell with a wireless doorbell buzzer. Several TP-Link...

7.3CVSS5.9AI score0.00006EPSS

Exploits0References6

NVD•added 2026/05/21 9:16 a.m.•7 views

CVE-2026-27349

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.19.5...

4.3CVSS0.0003EPSS

Exploits0References1

EUVD•added 2026/05/21 8:21 a.m.•5 views

EUVD-2026-31249

4.3CVSS5.8AI score0.0003EPSS

Exploits0References1

ATTACKERKB•added 2026/05/21 8:21 a.m.•4 views

CVE-2026-27349

4.3CVSS5.8AI score0.0003EPSS

Exploits0References2

CNNVD•added 2026/05/13 12:0 a.m.•5 views

ELECOM多款产品安全漏洞

ELECOM WRC-BE72XSD-B is a wireless router produced by the ELECOM company. Several ELECOM products have security vulnerabilities. This vulnerability stems from the ability to access specific URLs without authentication, which may allow devices to be operated without proper authorization. The...

9.8CVSS7.3AI score0.00089EPSS

Exploits0References1

EUVD•added 2026/05/07 9:31 a.m.•5 views

EUVD-2026-28332

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8...

5.3CVSS5.8AI score0.00012EPSS

Exploits0References2

NVD•added 2026/05/07 9:16 a.m.•8 views

CVE-2026-25468

5.3CVSS0.00012EPSS

Exploits0References1

ATTACKERKB•added 2026/05/07 7:37 a.m.•2 views

CVE-2026-25468

5.3CVSS5.8AI score0.00012EPSS

Exploits0References2

Positive Technologies•added 2026/05/07 12:0 a.m.•7 views

PT-2026-38356

5.3CVSS5.8AI score0.00012EPSS

Exploits0References1

RedhatCVE•added 2026/05/04 10:47 a.m.•1 views

CVE-2026-7246

A flaw was found in Pallets Click. This command injection vulnerability, located in the click.edit function, allows an attacker with an unprivileged account to execute arbitrary operating system OS commands. This could lead to unauthorized control over the affected system...

7.2CVSS6AI score0.00029EPSS

Exploits1References5

RedhatCVE•added 2026/04/30 2:47 p.m.•5 views

CVE-2026-42644

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: from n/a through = 4.3.10...

5.3CVSS5.2AI score0.00013EPSS

Exploits0References1

RedhatCVE•added 2026/04/29 2:48 p.m.•1 views

CVE-2026-39686

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PDF Manager: from n/a through = 3.7.2...

5.3CVSS5.2AI score0.00041EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by