
15 matches found

Cvelist
added 2026/05/19 9:19 a.m. | 28 views

CVE-2026-46721 Broken Access Control in extension "Frontend User Registration" (sf_register)

The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to...

CVSS 6.9 | EPSS 0.00069
Exploits: 0 | References: 1
CNNVD
added 2026/04/06 12:0 a.m. | 2 views

Amazon Web Services Research and Engineering Studio security vulnerability

The Amazon Web Services Research and Engineering Studio is a cloud-based research and engineering environment provided by Amazon, Inc. Versions of the Amazon Web Services Research and Engineering Studio prior to version 2026.03 contained security vulnerabilities. These vulnerabilities stemmed fro...

CVSS 8.8 | AI score 7.4 | EPSS 0.0007
Exploits: 1 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-7626

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.5 | EPSS 0.00501
Exploits: 1 | References: 7
CNNVD
added 2025/09/03 12:0 a.m. | 2 views

WordPress plugin Fluent Forms code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

CVSS 6.5 | AI score 6.8 | EPSS 0.00704
Exploits: 0 | References: 4
OSV
added 2024/06/05 5:24 p.m. | 7 views

GHSA-VH6J-WV25-8QXR Flow Bugfix Releases for Entity Security

If you had used entity security and wanted to secure entities not just based on the user's role, but on some property of the user like the company he belongs to, entity security did not work properly together with the doctrine query cache. This could lead to other users re-using SQL queries from...

AI score 7.8
Exploits: 0 | References: 3
Veracode
added 2024/04/29 5:39 a.m. | 18 views

Improper Check For Unusual Or Exceptional Conditions

Mattermost Server is vulnerable to Improper Check for Unusual or Exceptional Conditions. The vulnerability is caused by inadequate validation of custom status values in the user properties within user.go. This allows an attacker to crash users' web clients by submitting malformed custom status...

CVSS 4.3 | AI score 6.8 | EPSS 0.00193
Exploits: 0 | References: 7 | Affected Software: 1
SUSE CVE
added 2023/02/15 3:37 a.m. | 1 views

SUSE CVE-2021-41039

In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service...

CVSS 7.5 | AI score 7.3 | EPSS 0.0025
Exploits: 1 | References: 3
CNVD
added 2022/02/23 12:0 a.m. | 17 views

Checkmk Cross-Site Scripting Vulnerability (CNVD-2022-21231)

Checkmk is an editor. A cross-site scripting vulnerability exists in Checkmk, which stems from Checkmk version = 2.0.0p19. When creating or editing user properties, Help Text is affected by HTML injection, which can be triggered when editing a user. An attacker could use this vulnerability to...

CVSS 6.1 | AI score 1.5 | EPSS 0.00371
Exploits: 0 | References: 1
CNNVD
added 2022/02/21 12:0 a.m. | 1 views

Checkmk cross-site scripting vulnerability

Checkmk is an editor. A cross-site scripting vulnerability exists in Checkmk, which stems from Checkmk version = 2.0.0p19. When creating or editing user properties, Help Text is affected by HTML injection, which can be triggered when editing a user. An attacker could use this vulnerability to...

CVSS 6.1 | AI score 5.3 | EPSS 0.00371
Exploits: 0 | References: 3
OSV
added 2022/01/22 11:3 a.m. | 1 views

OESA-2022-1498 mosquitto security update

Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...

CVSS 7.5 | AI score 6.6 | EPSS 0.0025
Exploits: 1 | References: 2
OSV
added 2021/12/01 8:15 p.m. | 0 views

UBUNTU-CVE-2021-41039

In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service...

CVSS 7.5 | AI score 7.1 | EPSS 0.0025
Exploits: 1 | References: 4
Prion
added 2018/07/13 8:29 p.m. | 11 views

Default credentials

In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like "ADMIN". A user is also able to change properties of another user, e.g. change...

CVSS 4 | AI score 6.9 | EPSS 0.00285
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2017/06/05 2:29 p.m. | 1 views

CVE-2017-8438

Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the runas functionality. This bug prevents transitioning into the specified user specified in a runas request. If a role has been created using a template that contains the user properties, the behavior of runas...

CVSS 8.8 | AI score 5.7 | EPSS 0.00411
Exploits: 0 | References: 3
Elastic
added 2017/06/01 4:29 p.m. | 3 views

Elastic Stack 5.4.1 and 5.3.3 Security updates

X-Pack 5.4.1 privilege escalation (ESA-2017-06): X-Pack 5.4.1 has been released which fixes a privilege escalation bug in the runas functionality. This bug prevents transitioning into the specified user specified in a runas request. If a role has been created using a template that contains the user...

CVSS 8.8 | AI score 6.3 | EPSS 0.00411
Exploits: 0
seebug.org
added 2009/01/11 12:0 a.m. | 37 views

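Openfire multiple cross-site scripting and directory traversal vulnerabilities

BUGTRAQ ID: 32935, 32937, 32938, 32939, 32940, 32943, 32944, 32945. Openfire (formerly named Wildfire) is a cross-platform, open-source real-time collaboration (RTC) server developed in Java. ...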

AI score 6.9
Exploits: 0