CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

128 matches found

Positive Technologies•added 2026/05/23 12:0 a.m.•8 views

PT-2026-42872

Summary Any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users. The normal server list API filters objects by HasPermission, but the WebSocket stream treats the presence of any authenticated user ...

6.5CVSS5.8AI score

Exploits0References3

CVE•added 2026/05/21 7:34 a.m.•13 views

CVE-2026-44058

CVE-2026-44058 affects Netatalk 2.2.2 through 4.4.2 and allows an authentication bypass via the admin auth user mechanism. Root cause described as an authentication bypass, enabling a remote attacker to authenticate as an arbitrary user. The issue is fixed in Netatalk 4.5.0. The CVSS v3.1 baselin...

7.2CVSS6AI score0.00222EPSS

Exploits0References1

OSV•added 2026/05/14 11:56 a.m.•1 views

BIT-TOMCAT-2026-43512 Apache Tomcat: Digest authenticator will authenticate any unknown user

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.21, from 10.1.0 through 10.1.54, from 9.0.0 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported versions any...

9.8CVSS5.7AI score0.00139EPSS

Exploits0References3

Vulnrichment•added 2026/05/12 3:24 p.m.•9 views

CVE-2026-43512 Apache Tomcat: Digest authenticator will authenticate any unknown user

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported...

5.7AI score0.00139EPSS

Exploits0References1

NVD•added 2026/04/27 6:16 p.m.•0 views

CVE-2026-7144

A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file updatepasswdprocess.php. The manipulation of the argument tempuser results in authorization bypass. The attack can be launched remotely. The exploit has been...

5.3CVSS0.00035EPSS

Exploits0References5

NVD•added 2026/03/11 7:16 p.m.•1 views

CVE-2019-25483

Comtrend AR-5310 GE31-412SSG-C01R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $ . Attackers can inject arbitrary commands through the $ syntax when passed as arguments to allowed...

8.6CVSS0.00019EPSS

Exploits0References2

OSV•added 2026/03/10 5:6 p.m.•2 views

CVE-2026-30959 OneUptime has WhatsApp Resend Verification Authorization Bypass

OneUptime is a solution for monitoring and managing online services. The resend-verification-code endpoint allows any authenticated user to trigger a verification code resend for any UserWhatsApp record by ID. Ownership is not validated unlike the verify endpoint. This affects the...

5.3CVSS5.9AI score0.0002EPSS

Exploits1References4

RedhatCVE•added 2026/03/04 1:57 a.m.•1 views

CVE-2026-0021

In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible cross-user permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS6.1AI score0.00003EPSS

Exploits0References1

OSV•added 2026/03/02 7:16 p.m.•1 views

CVE-2026-0021

8.4CVSS5.9AI score

Exploits0References1

NVD•added 2026/03/02 7:16 p.m.•3 views

CVE-2026-0021

8.4CVSS0.00003EPSS

Exploits0References1

Tenable Nessus•added 2026/01/15 12:0 a.m.•1 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003090)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003090 advisory. Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set...

4.7CVSS6.8AI score0.00034EPSS

Exploits0References14

RedhatCVE•added 2026/01/09 11:42 a.m.•6 views

CVE-2001-1548

ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters...

2.1CVSS6.8AI score0.00054EPSS

Exploits1References1

CNNVD•added 2025/12/04 12:0 a.m.•2 views

Thermo Fisher Torrent Suite Django application 安全漏洞

Thermo Fisher Torrent Suite Django application is a core software component of Thermo Fisher USA. A security vulnerability exists in Thermo Fisher Torrent Suite Django application version 5.18.1, which originates in the LocalhostAuthMiddleware middleware that performs automated authentication to ...

7.8CVSS6.6AI score0.00019EPSS

Exploits0References4