CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

14 matches found

Snyk•added 2026/05/27 5:36 p.m.•7 views

Missing Authorization

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization via the migrate endpoint /actions/app/migrate. An attacker can perform unauthorized migration operations by sending crafted requests to this endpoint. Remediation There ...

7.3CVSS5.8AI score0.00047EPSS

Exploits2References2

EUVD•added 2026/02/08 12:30 a.m.•5 views

EUVD-2026-5703

Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations...

8.8CVSS5.3AI score0.0002EPSS

Exploits0References4

NVD•added 2026/02/07 10:16 p.m.•6 views

CVE-2026-25859

Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations...

8.8CVSS0.0002EPSS

Exploits0References3

OSV•added 2026/02/07 10:16 p.m.•6 views

CVE-2026-25859

Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations...

8.8CVSS5.3AI score

Exploits0References3

Vulnrichment•added 2026/02/07 9:59 p.m.•3 views

CVE-2026-25859 WeKan < 8.20 Migration Functionality Insufficient Permission Checks

Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations...

7.1CVSS5.4AI score0.0002EPSS

Exploits0References3

Cvelist•added 2026/02/07 9:59 p.m.•23 views

CVE-2026-25859 WeKan < 8.20 Migration Functionality Insufficient Permission Checks

Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations...

7.1CVSS0.0002EPSS

Exploits0References3

OSV•added 2025/11/17 7:11 p.m.•1 views

GO-2025-4104 KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes in github.com/kubevirt/kubevirt

KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes in github.com/kubevirt/kubevirt. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positi...

6.9CVSS6.8AI score0.00104EPSS

Exploits1References2

Microsoft CVE•added 2025/11/09 9:1 a.m.•4 views

KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes

...

6.9CVSS6.8AI score0.00104EPSS

Snyk•added 2025/11/07 11:46 p.m.•2 views

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions due to excessive permissions granted to the virt-handler service account. An attacker can initiate unauthorized migrations of virtual machine instances to attacker-controlled nodes or mark all nodes as...

6.9CVSS5.5AI score0.00104EPSS

Exploits1References2

CVE•added 2025/11/07 10:59 p.m.•11 views

CVE-2025-64436

KubeVirt CVE-2025-64436 affects the virt-handler service account in KubeVirt up to version 1.5.0, where overprivileged permissions (e.g., updating VMI, patching nodes) could be abused to migrate a VMI to an attacker-controlled node or mark all nodes as unschedulable, potentially forcing privilege...

6.9CVSS6.4AI score0.00104EPSS

Exploits1References1Affected Software1

OSV•added 2025/11/07 10:59 p.m.•3 views

CVE-2025-64436 KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes

KubeVirt is a virtual machine management add-on for Kubernetes. In 1.5.0 and earlier, the permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. This vulnerability could...

6.9CVSS6.8AI score0.00104EPSS

Exploits1References3

Cvelist•added 2025/11/07 10:59 p.m.•6 views

CVE-2025-64436 KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes

KubeVirt is a virtual machine management add-on for Kubernetes. In 1.5.0 and earlier, the permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. This vulnerability could...

6.9CVSS0.00104EPSS

Exploits1References1

EUVD•added 2025/11/07 10:59 p.m.•0 views

EUVD-2025-38214

KubeVirt is a virtual machine management add-on for Kubernetes. In 1.5.0 and earlier, the permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. This vulnerability could...

6.9CVSS6.3AI score0.00104EPSS

Exploits1References2

OSV•added 2025/11/06 11:35 p.m.•4 views

GHSA-7XGM-5PRM-V5GC KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes

Summary The permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. Details Following the GitHub security advisory published on March 23 2023, a ValidatingAdmissionPolicy w...

6.9CVSS5.5AI score0.00104EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by