CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

925 matches found

RedhatCVE•added 2026/04/29 1:44 a.m.•2 views

CVE-2026-38949

Cross-Site Scripting XSS vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint. The application fails to properly sanitize user input, allowing injection of arbitrary code...

8.9CVSS5.4AI score0.00016EPSS

Exploits0References1

NVD•added 2026/04/28 7:37 p.m.•1 views

CVE-2026-38949

8.9CVSS0.00016EPSS

Exploits0References3

Cvelist•added 2026/04/21 12:50 a.m.•26 views

CVE-2026-39386 Neko has Self-service Privilege Escalation for Authenticated Users

Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance member management, room settings, broadcast control, session...

8.8CVSS0.00051EPSS

Exploits0References3

Oracle linux•added 2026/04/20 12:0 a.m.•3 views

openexr security update

3.1.1-3.1 - fix CVE-2026-27622...

8.4CVSS5.7AI score0.00023EPSS

Exploits2

Cvelist•added 2026/04/08 8:30 a.m.•17 views

CVE-2026-39674 WordPress MK Google Directions plugin <= 3.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Manoj Kumar MK Google Directions google-distance-calculator allows DOM-Based XSS.This issue affects MK Google Directions: from n/a through = 3.1.1...

6.5CVSS0.00039EPSS

Exploits0References1

Vulnrichment•added 2026/04/08 8:30 a.m.•2 views

CVE-2026-39674 WordPress MK Google Directions plugin <= 3.1.1 - Cross Site Scripting (XSS) vulnerability

6.5CVSS5.2AI score0.00039EPSS

Exploits0References1

CNNVD•added 2026/04/08 12:0 a.m.•2 views

WordPress plugin MK Google Directions 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.5CVSS5.7AI score0.00039EPSS

Exploits0References1

RedhatCVE•added 2026/04/02 10:55 p.m.•1 views

CVE-2026-34397

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose...

7CVSS5.8AI score0.00013EPSS

Exploits1References1

NVD•added 2026/04/01 6:16 p.m.•1 views

CVE-2026-34397

7CVSS0.00013EPSS

Exploits1References3

vulnersOsv•added 2026/03/31 10:32 p.m.•5 views

acpx-teams (=0.1.0), arifos (>=2026.2.22 <=2026.4.16) +58 more potentially affected by CVE-2026-27124 via fastmcp (>=3.0.0 <=3.1.1)

fastmcp PYPI version =3.0.0, =2026.2.22, =2026.3.13, =1.0.0, =0.56.0, =0.1.0, =0.3.2, =0.3.0, =1.1.0, =0.0.1, =0.0.1, =0.1.0, =0.6.1, =0.6.1, =0.6.12 and more Source cves: CVE-2026-27124 Source advisory: SNYK:PYTHON-FASTMCP-15871030...

8.2CVSS5.8AI score0.00063EPSS

Exploits1

RedhatCVE•added 2026/03/26 3:1 p.m.•1 views

CVE-2026-33250

Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player'...

7.5CVSS5.9AI score0.00089EPSS

Exploits0References1

NVD•added 2026/03/24 12:16 a.m.•2 views

CVE-2026-33250

7.5CVSS0.00089EPSS

Exploits0References4