CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2 days ago•7 views

PT-2026-47127

Name of the Vulnerable Software and Affected Versions MDJM Event Management plugin for WordPress versions prior to 1.7.8.4 Description The plugin allows arbitrary file upload because it does not perform validation on the file type, extension, or MIME type of uploaded files. This issue occurs with...

7.2CVSS6AI score0.00358EPSS

Exploits1References12

RedhatCVE•added 3 days ago•5 views

CVE-2026-7090

A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/sendmessage.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public...

4.8CVSS3.8AI score0.00012EPSS

RedhatCVE•added 3 days ago•5 views

CVE-2026-40914

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

4.3CVSS5.5AI score0.00138EPSS

RedhatCVE•added 3 days ago•5 views

CVE-2026-25602

Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email address. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component:...

4.4CVSS5.4AI score0.00007EPSS

RedhatCVE•added 3 days ago•6 views

CVE-2026-10068

A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. The attack may be initiated remotely. This project is superseded by FreshTomato. Thi...

7.5CVSS6.8AI score0.0005EPSS

RedhatCVE•added 3 days ago•6 views

CVE-2026-37536

miaofng/uds-c commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a 2016-10-05 contains a stack buffer overflow in senddiagnosticrequest. A 6-byte stack buffer MAXDIAGNOSTICPAYLOADSIZE=6 receives memcpy at offset 1+pidlength with payloadlength bytes. MAXUDSREQUESTPAYLOADLENGTH=7, so 1+2+7=10 exceeds...

8.8CVSS5.8AI score0.00021EPSS

RedhatCVE•added 3 days ago•4 views

CVE-2026-40943

Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timin...

8.7CVSS5.7AI score0.00055EPSS

OSV•added 3 days ago•5 views

GHSA-W342-MJ6G-V9C4 Klever-Go KVM: Hash-array amplification in P2P resolver request handling

Summary A connected peer can send a compressed RequestDataTypeHashArrayType direct request that is only 442 bytes on the wire but expands into 200000 decoded hash entries inside the resolver path. On klever-go v1.7.17, this allows remote memory and CPU amplification against nodes that accept P2P...

7.5CVSS5.5AI score

Exploits0References3

Github Security Blog•added 3 days ago•11 views

Klever-Go KVM: Hash-array amplification in P2P resolver request handling

8.6CVSS5.5AI score0.00052EPSS

Exploits0References3Affected Software1

RedhatCVE•added 5 days ago•3 views

CVE-2026-10264

A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly...

Vulnrichment•added 5 days ago•4 views

CVE-2026-10703 EIPStackGroup OpENer SendRRData cipmessagerouter.c CreateMessageRouterRequestStructure use after free

A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData Handler. The manipulation leads to use after free. Remote exploitation of the attack is possible...

6.5CVSS6.1AI score0.00046EPSS

Exploits0References7

Positive Technologies•added 5 days ago•8 views

PT-2026-45897

6.5CVSS5.3AI score0.00046EPSS

NVD•added last week•9 views

CVE-2026-10264

5.1CVSS0.00033EPSS

Vulnrichment•added last week•5 views

CVE-2026-10264 lharries whatsapp-mcp Send API Endpoint main.go SendMessageRequest path traversal

EUVD•added last week•7 views

EUVD-2026-33646

ATTACKERKB•added last week•4 views

CVE-2026-10264

Exploits0References8Affected Software1

CVE•added last week•15 views

CVE-2026-10264

CVE-2026-10264 affects lharries whatsapp-mcp 0.0.1. The vulnerability is in the SendMessageRequest function of whatsapp-bridge/main.go, where manipulation of the mediaPath argument enables path traversal. The exploit has been publicly disclosed. A patch is available (patch name: 6657cdceadd361e8f...

CVE•added 2026/06/01 12:0 a.m.•11 views

CVE-2025-55664

CVE-2025-55664: A heap buffer overflow in GPAC MP4Box v2.4 affects the m2tsdmx_send_packet function (filters/dmx_m2ts.c). This can lead to Denial of Service when processing a crafted MP4 file. Connected sources confirm the vulnerable component and impact; no explicit exploitation details or activ...

5.5CVSS6AI score0.00017EPSS

Exploits0References4

Positive Technologies•added 2026/06/01 12:0 a.m.•11 views

PT-2026-45426