201 matches found
PT-2026-44034
When creating an export through the pretix API, API clients are returned a UUID value for their export job, a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...
GHSA-6H4J-WCR9-2VG7 n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints
Impact: The OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token material for that credential...
Do Coding Agents Understand Least-Privilege Authorization?
As coding agents gain access to shells, repositories, and user files, least-privilege authorization becomes a prerequisite for safe deployment: an agent should receive enough authority to complete the task, without unnecessary authority that exposes sensitive surfaces. To study whether current...
CVE-2026-31956 Xibo CMS has Preview and SavedReport IDOR via disableUserCheck without controller-level authorization
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated user can manually construct a URL to preview campaigns/regions, and export saved reports belonging to other users. Exploitation of th...
CVE-2026-3737 SourceCodester Pet Grooming Management Software User Creation add_user.php improper authorization
A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file add_user.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has bee...
CVE-2023-49261
The "tokenKey" value used in user authorization is visible in the HTML source of the login page...
CVE-2022-0919
The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated user to search others' bookings, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number ...
EUVD-2016-0355
Malware in sbrugna...
EUVD-2016-6367
Malware in sbrugna...
EUVD-2021-10001
Malware in sbrugna...
EUVD-2018-14349
Malware in sbrugna...
EUVD-2019-17902
Malware in sbrugna...
EUVD-2019-0145
Malware in sbrugna...
EUVD-2019-9478
Malware in sbrugna...
EUVD-2021-10285
Malware in sbrugna...
EUVD-2018-17258
Malware in sbrugna...
EUVD-2019-17892
Malware in sbrugna...
EUVD-2017-14076
Malware in sbrugna...
EUVD-2019-0402
Malware in sbrugna...
EUVD-2011-1385
Malware in sbrugna...