CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added yesterday•16 views

CVE-2026-10045 CVE-2026-10045

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...

ATTACKERKB•added 2 days ago•3 views

CVE-2026-42863

7.6CVSS5.4AI score0.00049EPSS

Exploits0References3Affected Software1

CVE•added 2 days ago•6 views

CVE-2026-42863

Summary. FlowiseAI’s Flowise product has a mass-assignment vulnerability in the chatflow update endpoint that lets an authenticated user modify server-controlled fields (deployed, isPublic, workspaceId, createdDate, updatedDate, etc.) and reassign a chatflow to another workspace. The issue stems ...

7.6CVSS5.4AI score0.00049EPSS

Cvelist•added 2 days ago•35 views

CVE-2026-42863 Flowise: Mass Assignment in Chatflow Update Endpoint Allows Cross-Workspace AgentFlow Reassignment

7.6CVSS0.00049EPSS

Wiz blog•added 2 days ago•5 views

Introducing Wiz Cloud Cost: Powering Cost Management and Optimization with Context

Wiz unifies cloud and AI cost visibility to help teams eliminate waste and improve spend efficiency across their AWS, Azure, and GCP environments...

5.5AI score

Exploits0

Nuclei•added 2 days ago•13 views

KevinLAB BEMS (Building Energy Management System) - Backdoor Account

KevinLAB BEMS has an undocumented backdoor account, and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution through the RMI. An attacker could exploit this vulnerability by logging in using the backdoor account with highes...

9CVSS7.1AI score0.13054EPSS

Exploits2References2

4.3CVSS5.5AI score0.00011EPSS

CVE-2025-13874

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access...

RedhatCVE•added 5 days ago•7 views

CVE-2026-10854

A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enabled galaxies without applying organisation or distribution-based access restrictions, potentially...

5.3CVSS5.4AI score0.00027EPSS

4.3CVSS5.4AI score0.00032EPSS

CVE-2026-28511

eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the requesting user is not authorized to view. The exposed information is limited only the title...

RedhatCVE•added 5 days ago•8 views

CVE-2026-40300

Zulip is an open-source team collaboration tool. Prior to 12.0, With messageedithistoryvisibilitypolicy set to "moves", /api/v1/messages/id/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This...

6.5CVSS5.5AI score0.00033EPSS

Exploits1References1

5.7CVSS5.5AI score0.00011EPSS

CVE-2026-48210

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend This issue...

RedhatCVE•added 5 days ago•7 views

CVE-2026-1829

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...

8.8CVSS6AI score0.00249EPSS

7.2CVSS5.4AI score0.00046EPSS

CVE-2026-42071

Mantis Bug Tracker MantisBT is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user REPORTER+ to download attachments on private bugnotes they should not be able to access, via the REST API endpoint...

8.6CVSS5.5AI score0.00024EPSS

CVE-2026-8629

Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests to ticket endpoints. Attackers can exploit insufficient access control checks on the...

NVD•added 6 days ago•6 views

CVE-2026-10854

5.3CVSS0.00027EPSS

ATTACKERKB•added 6 days ago•5 views

CVE-2026-10854

5.3CVSS5.8AI score0.00027EPSS

EUVD•added 6 days ago•5 views

EUVD-2026-34257

5.3CVSS5.8AI score0.00027EPSS

Patchstack•added 6 days ago•7 views

WordPress Content Visibility for Divi Builder plugin <= 4.02 - Authenticated (Contributor+) Remote Code Execution vulnerability

Authenticated Contributor+ Remote Code Execution vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin Content Visibility for Divi Builder versions = 4.02...

8.8CVSS5.8AI score0.00249EPSS

Exploits0References1Affected Software1

Positive Technologies•added 6 days ago•10 views

PT-2026-46224

5.3CVSS5.8AI score0.00027EPSS