CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added yesterday•7 views

PT-2026-47154

🚨 Critical - Sandbox Escape & RCE in Cursor AI Editor CVE-2026-50549, CVE-2026-50548 Two critical vulnerabilities have been disclosed in Cursor's AI agent sandbox. Malicious agents can exploit canonicalization failures via symlinks or manipulate the working directory parameter to write arbitrary...

5.9AI score

Positive Technologies•added yesterday•7 views

PT-2026-47127

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm send comm email function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

7.2CVSS6.3AI score0.00358EPSS

Exploits1References10

Tenable Nessus•added yesterday•4 views

RHEL 10 : unbound (RHSA-2026:23231)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23231 advisory. The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Heap overflow and crash...

10CVSS5.8AI score0.00322EPSS

Exploits0References8

Tenable Nessus•added yesterday•6 views

Google Chrome < 149.0.7827.53 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 149.0.7827.53. It is, therefore, affected by multiple vulnerabilities as referenced in the 202606stable-channel-update-for-desktop advisory. - Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a...

9.6CVSS6.3AI score0.04468EPSS

Exploits1References859

Positive Technologies•added yesterday•5 views

PT-2026-47155

cursor CVE-2026-50549 + 50548 is the agent sandbox escape story of the week. symlink canonicalization failure + a writable working directory = the agent walks itself out of the box and runs as you. anyone on an older cursor build right now is a bug bounty program's easiest p1...

5.5AI score

Exploits0References2

Tenable Nessus•added yesterday•3 views

EulerOS Virtualization 2.10.0 : python-ply (EulerOS-SA-2026-2062)

According to the versions of the python-ply package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile...

9.8CVSS6.5AI score0.00846EPSS

Tenable Nessus•added yesterday•3 views

EulerOS Virtualization 2.12.1 : python-ply (EulerOS-SA-2026-2087)

9.8CVSS6.3AI score0.00846EPSS

Tenable Nessus•added yesterday•4 views

EulerOS Virtualization 2.10.1 : python-ply (EulerOS-SA-2026-2035)

9.8CVSS8.6AI score0.00846EPSS

NVD•added 2 days ago•7 views

CVE-2026-7654

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...

8.8CVSS0.00468EPSS

GithubExploit•added 2 days ago•32 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell CVE-2025-55182 Next.js: CVE-2025-66478Unauthenti...

10CVSS8AI score0.84489EPSS

Exploits376

Cvelist•added 2 days ago•23 views

CVE-2026-7654 Admin Columns <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution via Custom Field Meta Value

8.8CVSS0.00468EPSS

Vulnrichment•added 2 days ago•5 views

CVE-2026-7654 Admin Columns <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution via Custom Field Meta Value

8.8CVSS6.6AI score0.00468EPSS

CVE•added 2 days ago•12 views

CVE-2026-7654

The Admin Columns plugin for WordPress (up to version 7.0.18) is vulnerable to PHP Object Injection that leads to Remote Code Execution. Root cause: unserialize() used without an allowed_classes restriction in IdsToCollection::get_ids_from_string(), processing attacker-controlled post meta values...

8.8CVSS6.6AI score0.00468EPSS

ATTACKERKB•added 2 days ago•5 views

CVE-2026-7654

8.8CVSS6.6AI score0.00468EPSS

Exploits0References11

NVD•added 2 days ago•4 views

CVE-2026-11429

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4CVSS0.00437EPSS

OSV•added 2 days ago•3 views

MAL-2026-5273 Malicious code in anthropy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4f399f7bce64b482a85876e01829154fd6031d69466c7d46543f1126eb12f854 During import, the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

5.8AI score

CVE•added 2 days ago•15 views

CVE-2026-11429

Summary: CVE-2026-11429 describes a path traversal in the Git Service shared by Altium Enterprise Server and Altium 365. An authenticated user with basic git access can perform post-clone file-manipulation using unvalidated paths to move attacker-controlled content outside the repository, enablin...

9.4CVSS6.4AI score0.00437EPSS

Cvelist•added 2 days ago•22 views

CVE-2026-11429 Path Traversal in Altium Git Service Allows Remote Code Execution

9.4CVSS0.00437EPSS