CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2 days ago•4 views

CVE-2026-27676

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Technical Object Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability results in a low impact on integrity, while confidentiality and...

4.3CVSS5.5AI score0.00034EPSS

Github Security Blog•added 2 days ago•8 views

praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The agent CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/agents/agentid gate access on requireworkspacememberworkspaceid only, then resolve agentid through AgentService.getagentid which is a primary-key lookup with no workspace...

5.5AI score

Exploits0References2Affected Software1

Positive Technologies•added 2 days ago•7 views

PT-2026-47087

Summary Type: Insecure Direct Object Reference. The agent CRUD endpoints GET / PATCH / DELETE /workspaces/workspace id/agents/agent id gate access on require workspace memberworkspace id only, then resolve agent id through AgentService.getagent id which is a primary-key lookup with no workspace...

8.3CVSS5.5AI score

Positive Technologies•added 6 days ago•7 views

PT-2026-45487

Summary Type: Insecure Direct Object Reference. The issue CRUD endpoints GET / PATCH / DELETE /workspaces/workspace id/issues/issue id gate access on require workspace memberworkspace id only, then resolve issue id through IssueService.getissue id which is a primary-key lookup with no workspace...

8.3CVSS5.8AI score

CNNVD•added 2026/05/27 12:0 a.m.•6 views

Dolibarr ERP/CRM 安全漏洞

Dolibarr ERP/CRM is a web-based enterprise resource planning ERP and customer relationship management CRM system developed by the Dolibarr Foundation in France. This system can be used to manage products, inventory, invoices, orders, etc. Versions of Dolibarr ERP/CRM from 22.0.0 to 22.0.4, as wel...

7.3CVSS6.1AI score0.00328EPSS

OSV•added 2026/05/14 4:19 p.m.•0 views

GHSA-HMG2-JJJX-JCP2 FlowiseAI: Vector Store No Permission Checks

FINDING 4: OpenAI Assistants Vector Store - No Auth on CRUD Operations Severity: HIGH CVSS 8.1 Type: CWE-306 Missing Authentication for Critical Function File: packages/server/src/routes/openai-assistants-vector-store/index.ts Description: ALL CRUD endpoints for OpenAI Assistants Vector Store hav...

8.7CVSS5.8AI score

Vulnrichment•added 2026/05/13 7:22 p.m.•4 views

CVE-2026-42550 Flight: SQL Injection via unvalidated identifiers in SimplePdo::insert / update / delete

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, SimplePdo::insert, SimplePdo::update, and SimplePdo::delete build SQL statements by concatenating the $table argument and the keys of the $data array directly into the query, with no identifier quoting and no validation. When an...

8.8CVSS6AI score0.00019EPSS

Positive Technologies•added 2026/05/06 12:0 a.m.•5 views

PT-2026-37903

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

5.8CVSS6.7AI score0.00328EPSS

Exploits0References7

NVD•added 2026/04/14 12:16 a.m.•2 views

CVE-2026-27679

Due to missing authorization checks in the SAP S/4HANA frontend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

6.5CVSS0.00045EPSS

Cvelist•added 2026/04/14 12:7 a.m.•27 views

CVE-2026-27679 Missing Authorization check in SAP S/4HANA Frontend OData Service (Manage Reference Structures)

6.5CVSS0.00045EPSS

Cvelist•added 2026/04/14 12:7 a.m.•22 views

CVE-2026-27676 Missing Authorization check in SAP S/4HANA OData Service (Manage Technical Object Structures)

4.3CVSS0.00034EPSS

Positive Technologies•added 2026/04/14 12:0 a.m.•3 views

PT-2026-32557

6.5CVSS5.8AI score0.00034EPSS

Positive Technologies•added 2026/04/14 12:0 a.m.•3 views

PT-2026-32559

6.5CVSS5.8AI score0.00045EPSS

RedhatCVE•added 2026/03/26 3:9 p.m.•2 views

CVE-2026-33326

Keystone is a content management system for Node.js. Prior to version 6.5.2, field.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 field-level isFilterab...

4.3CVSS5.7AI score0.00062EPSS

RedhatCVE•added 2026/02/09 6:58 p.m.•3 views

CVE-2025-14778

A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService UMA Protection API. When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller's ownership against the first...

5.4CVSS5AI score0.00012EPSS

EUVD•added 2026/02/08 6:32 p.m.•1 views

EUVD-2026-5776

A security flaw has been discovered in code-projects Contact Management System 1.0. This affects an unknown part of the component CRUD Endpoint. The manipulation of the argument ID results in improper authentication. The attack may be launched remotely...

9.8CVSS5.1AI score0.00038EPSS

Exploits0References4

CNVD•added 2025/11/14 12:0 a.m.•1 views

Unspecified Vulnerability in Rockwell Automation Verve Asset Manager

Rockwell Automation Verve Asset Manager is a vendor-neutral OT endpoint management platform from Rockwell Automation USA. A security vulnerability exists in Rockwell Automation Verve Asset Manager that can be exploited by an attacker to read, update, and delete users via the API...

8.4CVSS5.9AI score0.00055EPSS

EUVD•added 2025/11/11 3:31 p.m.•2 views

EUVD-2025-84345

A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API...

8.4CVSS6.2AI score0.00055EPSS

NVD•added 2025/11/11 2:15 p.m.•3 views

CVE-2025-11862

A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API...

8.4CVSS0.00055EPSS