CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

228 matches found

CVE-2026-9092

Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without checking the emailverified claim from upstream providers; the idp.UserInfo struct does not even...

9.1CVSS5.8AI score0.00039EPSS

Exploits0References1

CNNVD•added 3 days ago•4 views

Apache Directory LDAP API security vulnerability

The Apache Directory LDAP API is a LDAP protocol development framework created by the Apache Foundation in the United States. There were security vulnerabilities in the Apache Directory LDAP API between versions 2.0.0 and 2.1.7. These vulnerabilities stemmed from incomplete TLS server...

8.8CVSS5.8AI score0.00038EPSS

Exploits0References2

Positive Technologies•added 3 days ago•8 views

PT-2026-45493

Summary Nezha accepts service-monitor TaskResult messages from an authenticated agent based only on whether the reported service ID exists. The dashboard authenticates the agent and derives the reporter server ID from the gRPC stream, but the service-monitor result worker does not verify that the...

7.1CVSS5.8AI score

Exploits0References4

NVD•added 6 days ago•7 views

CVE-2026-9189

The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Although cf7pppaypalipnhandler correctly validates IPN authenticity by posting back to PayPal with...

5.3CVSS0.00033EPSS

Exploits0References8

EUVD•added 6 days ago•5 views

EUVD-2026-33265

5.3CVSS5.9AI score0.00033EPSS

Exploits0References8

NVD•added last week•7 views

CVE-2026-9092

9.1CVSS0.00039EPSS

Exploits0References1

Vulnrichment•added last week•6 views

CVE-2026-9092 CVE-2026-9092

5.8AI score0.00039EPSS

Exploits0References1

ATTACKERKB•added last week•4 views

CVE-2026-9092

5.8AI score0.00039EPSS

Exploits0References2

CVE•added last week•17 views

CVE-2026-9092

Casdoor, versions 2.362.0 and earlier, contains a vulnerability in the binding logic: the getExistUserByBindingRule function matches users by email without validating the email_verified claim from upstream providers, and the idp.UserInfo struct does not include an EmailVerified field. This can al...

9.1CVSS5.8AI score0.00039EPSS

Exploits0References1

CNNVD•added 2026/05/28 12:0 a.m.•6 views

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained security vulnerabilities. These vulnerabilities stemmed from a cross-organizational token exchange issue. The...

5.8AI score0.00054EPSS

Exploits0References1

NVD•added 2026/05/27 3:16 p.m.•7 views

CVE-2026-9712

When creating an export through the pretix API, API clients are returned an UUID value for their export job a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...

7CVSS0.00043EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 2:35 p.m.•3 views

CVE-2026-9712 Insecure direct object reference

7CVSS5.8AI score0.00043EPSS

Exploits0References1

AlpineLinux•added 2026/05/27 10:2 a.m.•9 views

CVE-2026-3012

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00005EPSS

Exploits0

CNNVD•added 2026/05/27 12:0 a.m.•4 views

UFO³ 数据伪造问题漏洞

UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains a data manipulation vulnerability. This vulnerability arises from the fact that task responses are tracked using only the sessionid without verifyi...

5.9CVSS5.7AI score0.00027EPSS

Exploits0References1

UbuntuCve•added 2026/05/26 5:16 p.m.•7 views

CVE-2026-48697

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tlsclient mode and calls setdefaultverifypaths to load CA certificates, but never calls...

7.4CVSS5.8AI score0.00019EPSS

Exploits0References4

Debian CVE•added 2026/05/26 12:0 a.m.•4 views

CVE-2026-48697

7.4CVSS5.8AI score0.00019EPSS

Exploits0

ATTACKERKB•added 2026/05/26 12:0 a.m.•8 views

CVE-2026-48697

5.8AI score0.00019EPSS

Exploits0References4

ATTACKERKB•added 2026/05/22 6:43 p.m.•6 views

CVE-2026-39969

TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...

6.5CVSS5.8AI score0.00031EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/22 6:43 p.m.•6 views

CVE-2026-39969 TypeBot: WhatsApp Webhook Endpoint Missing Signature Verification

6.5CVSS5.8AI score0.00031EPSS

Exploits0References2