CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 9 hours ago•4 views

CVE-2026-44208 Frappe: IDOR in `submit_discussion()`

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submitdiscussion" endpoint allows for unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0...

6.9CVSS

EUVD•added 9 hours ago•2 views

EUVD-2026-36485

6.9CVSS5.2AI score

Positive Technologies•added 23 hours ago•4 views

PT-2026-48891

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submit discussion" endpoint allows for unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0...

6.9CVSS5.2AI score

Exploits0References2

Github Security Blog•added 4 days ago•6 views

nebula-mesh's web UI lacks CSRF tokens on /ui/* mutating endpoints

Every /ui/ POST / PUT / PATCH / DELETE route processes the request as soon as the session cookie validates. SameSite=Lax on the session cookie prevents most cross-site form submits but does not protect: - top-level form-submit navigations from third-party pages some browsers still send Lax cookie...

5.3AI score

Exploits0References2Affected Software1

Positive Technologies•added 4 days ago•5 views

PT-2026-47385

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Reject empty multisync extension to prevent infinite loop v3d get extensions walks a userspace-provided singly-linked list of ioctl extensions without any bound on the chain length. A local user can craft a...

5.4AI score0.00017EPSS

Exploits0References4

Positive Technologies•added 4 days ago•6 views

PT-2026-47542

7CVSS5.3AI score

Exploits0References3

RedhatCVE•added 2026/06/05 7:48 p.m.•4 views

CVE-2026-36763

A stored cross-site scripting XSS vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...

6.1CVSS5.6AI score0.00034EPSS

RedhatCVE•added 2026/06/05 7:39 p.m.•6 views

CVE-2026-7879

In Concrete CMS 9.5.0 and below, the submitpassword method in concrete/controllers/singlepage/downloadfile.php allows unauthorized file access since downloading permission-restricted files bypasses the viewfile permission check. Files without passwords can be downloaded and any user who knows a...

6.3CVSS5.5AI score0.0003EPSS

RedhatCVE•added 2026/06/05 7:18 p.m.•5 views

CVE-2026-9479

A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The affected element is the function formLogout of the file /goform/formLogout. The manipulation of the argument submit-url leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has...

9CVSS8.2AI score0.00046EPSS

RedhatCVE•added 2026/06/05 7:17 p.m.•5 views

CVE-2026-6514

The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...

7.5CVSS5.6AI score0.00084EPSS

RedhatCVE•added 2026/06/05 7:11 p.m.•5 views

CVE-2026-8137

A vulnerability has been found in Totolink X5000R 9.1.0u.6369B20230113. This vulnerability affects the function sub458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...

9CVSS7.8AI score0.00099EPSS

RedHat Linux•added 2026/06/04 1:4 p.m.•4 views

kernel: usbip: validate number_of_packets in usbip_pack_ret_submit()

A flaw was found in the Linux kernel's USB/IP subsystem. A malicious USB/IP server could exploit a vulnerability in the usbippackretsubmit function by sending a specially crafted RETSUBMIT response. This response, containing an oversized numberofpackets value, could cause a heap out-of-bounds...

9.8CVSS6.3AI score0.00102EPSS

RedhatCVE•added 2026/06/02 4:1 p.m.•9 views

CVE-2026-10181

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made...

9CVSS6.2AI score0.00048EPSS

NVD•added 2026/05/31 1:16 p.m.•9 views

CVE-2026-10181

9CVSS0.00048EPSS

ATTACKERKB•added 2026/05/31 12:45 p.m.•10 views

CVE-2026-10181

Exploits0References5Affected Software1

EUVD•added 2026/05/31 12:45 p.m.•7 views

EUVD-2026-33503

Vulnrichment•added 2026/05/31 12:45 p.m.•6 views

CVE-2026-10181 TRENDnet TEW-432BRP formSysCmd stack-based overflow

Positive Technologies•added 2026/05/31 12:0 a.m.•8 views

PT-2026-45193

RedhatCVE•added 2026/05/29 8:13 p.m.•11 views

Exploits0References6

CVE-2026-9346

A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Executing a manipulation of the argument submit-url can lead to buffer overflow. The attack may be performed from remote. The exploit has bee...

9CVSS7.5AI score0.00048EPSS