CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/04/13 6:31 a.m.•27 views

CVE-2026-40436 ZTE ZXEDM iEMS product has a password reset vulnerability

7.1CVSS0.00039EPSS

CVE•added 2026/04/13 6:31 a.m.•8 views

CVE-2026-40436

CVE-2026-40436 affects the ZTE ZXEDM iEMS product. The vulnerability is a password reset flaw that, due to improper access control on the cloud EMS portalʼs user-list interface, allows reading all user information and resetting passwords for obtained accounts. This could enable unauthorized opera...

7.5CVSS5.8AI score0.00039EPSS

Exploits0References1Affected Software1

OSV•added 2026/03/10 8:40 p.m.•1 views

CVE-2026-30954 LinkAce has a Cross-User Tag/List Attachment IDOR in processTaxonomy()

LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs...

5.3CVSS5.8AI score0.00048EPSS

Exploits0References3

Snyk•added 2025/12/15 10:32 p.m.•4 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the REST API. An attacker can access user notification settings or enumerate all users by sending crafted API requests. Remediation Upgrade Weblate to version 5.15 or higher. References - GitHub Commit - GitHu...

5.3CVSS6.8AI score0.00012EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-28006

Malicious code in bioql PyPI...

4.8CVSS6.4AI score0.00066EPSS

Exploits0References6

Cvelist•added 2025/10/01 12:0 a.m.•9 views

CVE-2025-59687

IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization...

0.00035EPSS

Veracode•added 2025/09/05 10:30 a.m.•2 views

Insecure Direct Object Reference (IDOR)

com.liferay:com.liferay.roles.selector.web is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control in the groupId parameter of the comliferayrolesselectorwebportletRolesSelectorPortletgroupId, which allows an attacker with organization...

4.8CVSS7AI score0.00066EPSS

Exploits0References7Affected Software1

RedhatCVE•added 2025/08/20 1:35 p.m.•3 views

CVE-2025-43732

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference IDOR in the...

4.8CVSS6.5AI score0.00066EPSS

OSV•added 2025/08/18 3:30 p.m.•2 views

GHSA-V6XR-V2QG-H22H Liferay Portal Vulnerable to Insecure Direct Object Reference

Github Security Blog•added 2025/08/18 3:30 p.m.•3 views

Exploits0References7

Liferay Portal Vulnerable to Insecure Direct Object Reference

Exploits0References7Affected Software1

OSV•added 2025/08/18 2:15 p.m.•0 views

CVE-2025-43732

2.7CVSS5.8AI score0.00066EPSS

Vulnrichment•added 2025/08/18 1:20 p.m.•2 views

CVE-2025-43732

CVE•added 2025/08/18 1:20 p.m.•13 views

CVE-2025-43732

CVE-2025-43732 affects Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP 2025.Q1.0–2025.Q1.10, 2024.Q4.0–Q4.7, 2024.Q3.1–Q3.13, 2024.Q2.1–Q2.13, 2024.Q1.1–Q1.17, and 7.4 GA through update 92. The vulnerability is an Insecure Direct Object Reference (IDOR) in the groupId parameter of the _com_liferay...

Exploits0References1Affected Software2

Tenable Nessus•added 2025/08/18 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2020-13357

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Gitlab CE/EE versions = 13.1 to = 13.5 to = 13.6 to = 13.1 to = 13.5 to = 13.6 to 13.6.2 allowed an unauthorized user to access the...

4.3CVSS5.1AI score0.00148EPSS

Positive Technologies•added 2024/03/20 12:0 a.m.•4 views

PT-2024-3990

Name of the Vulnerable Software and Affected Versions Progress Telerik Report Server versions 2024 Q1 10.0.24.305 or earlier Description The issue is related to an authentication bypass vulnerability in Progress Telerik Report Server, allowing an unauthenticated attacker to gain access to...

9.9CVSS5.9AI score0.94344EPSS

Exploits14References62

NVD•added 2023/09/12 9:15 p.m.•19 views

CVE-2023-41885

Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of BaseUser.login leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on its own does not...

5.3CVSS5.2AI score0.0035EPSS

Vulnrichment•added 2022/11/15 12:0 a.m.•7 views

CVE-2022-42132

The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, whic...

7AI score0.00328EPSS

Exploits0References3

CNVD•added 2022/10/10 12:0 a.m.•18 views

Unspecified Vulnerability in IBM InfoSphere Information Server (CNVD-2022-68284)

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server version 11.7 that stems fro...

6.5CVSS6.1AI score0.00162EPSS