CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

Snyk•added 2026/05/22 5:48 p.m.•7 views

Always-Incorrect Control Flow Implementation

Overview Flask-Security is a Simple security for Flask apps. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the OAuth reauthentication for stale sessions. An attacker can perform unauthorized account actions by completing OAuth verification wit...

7.6CVSS5.8AI score

Exploits0References2

ATTACKERKB•added 2026/04/10 4:3 p.m.•0 views

CVE-2026-35670

OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can manipulate username changes to redirect webhook-triggered...

6CVSS5.8AI score0.00096EPSS

Exploits0References5

EUVD•added 2026/04/10 4:3 p.m.•0 views

EUVD-2026-21486

6CVSS5.8AI score0.00096EPSS

Exploits0References4

RedhatCVE•added 2025/12/02 12:19 a.m.•1 views

CVE-2025-63523

FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes...

6.5CVSS6.8AI score0.00054EPSS

Exploits1References1

EUVD•added 2025/12/01 3:30 p.m.•2 views

EUVD-2025-200001

6.5CVSS6.3AI score0.00054EPSS

Exploits1References3

Github Security Blog•added 2025/12/01 3:30 p.m.•5 views

FeehiCMS fails to enforce server-side immutability

6.5CVSS6.8AI score0.00054EPSS

Exploits1References4Affected Software1

OSV•added 2025/12/01 3:15 p.m.•2 views

CVE-2025-63523

6.5CVSS6.7AI score0.00054EPSS

Exploits1References2

Vulnrichment•added 2025/12/01 12:0 a.m.•1 views

CVE-2025-63523

6.4AI score0.00054EPSS

Exploits1References2

Cvelist•added 2025/12/01 12:0 a.m.•4 views

CVE-2025-63523

0.00054EPSS

Exploits1References2

Positive Technologies•added 2025/12/01 12:0 a.m.•3 views

PT-2025-48454

6.8AI score0.00054EPSS

Exploits1References3

CVE•added 2025/12/01 12:0 a.m.•4 views

CVE-2025-63523

CVE-2025-63523 : FeehiCMS 2.1.1 fails to enforce server-side immutability for parameters labeled as “read-only.” An authenticated attacker can intercept a parameter in transit, modify it, and have the backend accept the changes, potentially causing unintended username changes. The available docum...

6.5CVSS6.4AI score0.00054EPSS

Exploits1References2Affected Software1

The Hacker News•added 2023/12/05 10:14 a.m.•49 views

15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack

New research has found that over 15,000 Go module repositories on GitHub are vulnerable to an attack called repojacking. "More than 9,000 repositories are vulnerable to repojacking due to GitHub username changes," Jacob Baines, chief technology officer at VulnCheck, said in a report shared with T...

7.1AI score

Exploits0

FreeBSD•added 2017/10/17 12:0 a.m.•25 views

GitLab -- multiple vulnerabilities

GitLab reports: Cross-Site Scripting XSS vulnerability in the Markdown sanitization filter Yasin Soliman via HackerOne reported a Cross-Site Scripting XSS vulnerability in the GitLab markdown sanitization filter. The sanitization filter was not properly stripping invalid characters from URL schem...

5.5AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by