CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

64 matches found

RedhatCVE•added 2026/06/05 7:21 p.m.•5 views

CVE-2026-29200

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call...

9.9CVSS5.4AI score0.00297EPSS

Exploits0References1

Vulnrichment•added 2026/05/04 5:42 a.m.•5 views

CVE-2026-29200

9.9CVSS5.8AI score0.00297EPSS

Exploits0References1

Cvelist•added 2026/05/04 5:42 a.m.•40 views

CVE-2026-29200

9.9CVSS0.00297EPSS

Exploits0References1

Positive Technologies•added 2026/05/04 12:0 a.m.•9 views

PT-2026-36771

Name of the Vulnerable Software and Affected Versions Comet Backup versions 20.11.0 through 26.1.1 Comet Backup version 26.2.1 Description An Insecure Direct Object Reference IDOR—a flaw where an application provides direct access to objects based on user-supplied input—exists that allows a tenan...

9.9CVSS5.8AI score0.00297EPSS

Exploits0References4

RedhatCVE•added 2026/03/07 7:59 a.m.•7 views

CVE-2026-25888

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via a vulnerable API. This issue has been patched in version 4.8.1...

8.8CVSS6.3AI score0.0066EPSS

Exploits1References1

EUVD•added 2026/03/06 4:7 a.m.•7 views

EUVD-2026-9977

8.8CVSS6.5AI score0.0066EPSS

Exploits1References2

CVE•added 2026/03/06 4:7 a.m.•10 views

CVE-2026-25888

CVE-2026-25888 affects Chartbrew, an open‑source web application that can connect to databases and APIs to generate charts. A remote code execution vulnerability exists in versions prior to 4.8.1 through a vulnerable API, enabling an attacker with network access and low privileges, with no user i...

8.8CVSS6.5AI score0.0066EPSS

Exploits1References2Affected Software1

OSV•added 2026/03/06 4:7 a.m.•4 views

CVE-2026-25888 Chartbrew: Remote Code Execution (RCE) via Vulnerable API

8.8CVSS6.3AI score0.0066EPSS

Exploits1References4

Positive Technologies•added 2026/03/06 12:0 a.m.•5 views

PT-2026-23637

Name of the Vulnerable Software and Affected Versions Chartbrew versions prior to 4.8.1 Description Chartbrew is a web application designed for connecting to databases and APIs to create charts. A remote code execution issue exists in versions before 4.8.1 due to a vulnerable API. The issue has...

8.8CVSS6.3AI score0.0066EPSS

Exploits1References12

OSV•added 2026/01/21 11:15 a.m.•3 views

CVE-2026-0663

Denial-of-service vulnerability in M-Files Server versions before 26.1.15632.3 allows an authenticated attacker with vault administrator privileges to crash the M-Files Server process by calling a vulnerable API endpoint...

4.9CVSS5.8AI score0.00374EPSS

Exploits0References2

NVD•added 2026/01/21 11:15 a.m.•2 views

CVE-2026-0663

6.9CVSS0.00374EPSS

Exploits0References2

CVE•added 2026/01/21 10:29 a.m.•11 views

CVE-2026-0663

CVE-2026-0663 is a denial-of-service vulnerability in M-Files Server prior to version 26.1.15632.3 . An authenticated attacker with vault administrator privileges can crash the M-Files Server process by calling a vulnerable API endpoint, causing a server availability impact. Public details identi...

6.9CVSS5.5AI score0.00374EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/01/21 10:29 a.m.•3 views

CVE-2026-0663 Denial of Service condition in M-Files Server

6.9CVSS5.5AI score0.00374EPSS

Exploits0References2

EUVD•added 2026/01/21 10:29 a.m.•2 views

EUVD-2026-3685

6.9CVSS5.5AI score0.00374EPSS

Exploits0References3

Cvelist•added 2026/01/21 10:29 a.m.•19 views

CVE-2026-0663 Denial of Service condition in M-Files Server