Search Results (4 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-54103 | Vendors (2): Civilian Board Of Contract Appeals, Government Accountability Office | Products (2): Electronic Docketing System (EDS), Electronic Protest Docketing System (EPDS) | Updated: 2026-06-20 | CVSS v3.1: 9.8 Critical
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) do not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could change an arbitrary user's password.
CVE-2026-54104 | Vendors (2): Civilian Board Of Contract Appeals, Government Accountability Office | Products (2): Electronic Docketing System (EDS), Electronic Protest Docketing System (EPDS) | Updated: 2026-06-20 | CVSS v3.1: 8.8 High
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) trusts client-provided values for the 'epds_role_id' parameter without verification, allowing a remote, authenticated attacker to escalate their own privileges.
CVE-2026-54105 | Vendors (2): Civilian Board Of Contract Appeals, Government Accountability Office | Products (2): Electronic Docketing System (EDS), Electronic Protest Docketing System (EPDS) | Updated: 2026-06-20 | CVSS v3.1: 5.3 Medium
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a request containing an arbitrary 'user_id' parameter and receive a JSON response containing account-specific information, including the associated email address.
CVE-2026-54106 | Vendors (2): Civilian Board Of Contract Appeals, Government Accountability Office | Products (2): Electronic Docketing System (EDS), Electronic Protest Docketing System (EPDS) | Updated: 2026-06-20 | CVSS v3.1: 4.7 Medium
The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network access controls and log in.