CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

273 matches found

RedhatCVE•added 2026/01/09 12:37 p.m.•4 views

CVE-2023-50110

TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used...

7.5CVSS7.3AI score0.00297EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:10 p.m.•7 views

CVE-2018-18891

MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete= because the authentication check occurs too late...

7.5CVSS7.1AI score0.0038EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:35 a.m.•6 views

CVE-2021-41511

The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication...

9.8CVSS8.1AI score0.00492EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:27 a.m.•3 views

CVE-2021-33658

atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration...

7.8CVSS7.2AI score0.00021EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:17 a.m.•5 views

CVE-2019-18250

In all versions of ABB Power Generation Information Manager PGIM and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device...

9.8CVSS7.1AI score0.00123EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:55 a.m.•4 views

CVE-2020-12627

Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX RXHH!jmNLWX/,?RT' hardcoded secret key...

9.8CVSS7.3AI score0.00132EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:36 a.m.•5 views

CVE-2019-7163

The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40LU02.0002 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator's password...

9.8CVSS7.4AI score0.03824EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:14 a.m.•4 views

CVE-2024-2447

Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated attacker to create posts as other users via a crafted post action...

6.5CVSS6.5AI score0.00145EPSS

Exploits0References1