CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/05/20 12:0 a.m.•7 views

PT-2026-42274

Name of the Vulnerable Software and Affected Versions libsolv affected versions not specified Description A heap buffer overflow occurs when processing a specially crafted .solv file containing negative size values in the repo add solv function. This results in an undersized memory allocation and...

6.5CVSS6AI score0.0035EPSS

Exploits0References29

Tenable Nessus•added 2026/05/20 12:0 a.m.•6 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021542)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021542 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: rtsxpci: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its...

5.5CVSS5.7AI score0.00145EPSS

Exploits0References4

NVD•added 2026/05/19 10:16 p.m.•16 views

CVE-2026-34390

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand manageprojuseradd.php allow users having manageprojectthreshold access level manager by default to...

5.1CVSS0.00427EPSS

Exploits0References4

Cvelist•added 2026/05/19 9:54 p.m.•32 views

CVE-2026-34390 MantisBT: Privilege Escalation from Manager to Administrator

5.1CVSS0.00427EPSS

Exploits0References4

RedHat Linux•added 2026/05/19 9:20 a.m.•8 views

firefox: thunderbird: Unhandled Exception in Add-on Signature Verification

The Mozilla Foundation's Security Advisory: The application can fail to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the...

5.4CVSS6.8AI score0.00347EPSS

Exploits0References9

RedhatCVE•added 2026/05/19 1:58 a.m.•11 views

CVE-2026-8745

A vulnerability was identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function ogstimeradd in the library /src/ausf/nausf-handler.c of the component AUSF. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available an...

6.5CVSS5.5AI score0.00372EPSS

Exploits1References1

Cvelist•added 2026/05/19 12:29 a.m.•42 views

CVE-2026-33052 MantisBT: Authorization Bypass in Global Profile Creation

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...

5.3CVSS0.0034EPSS

ATTACKERKB•added 2026/05/19 12:29 a.m.•4 views

CVE-2026-33052

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/19 12:29 a.m.•8 views

CVE-2026-33052 MantisBT: Authorization Bypass in Global Profile Creation

CVE•added 2026/05/19 12:29 a.m.•14 views

CVE-2026-33052

MantisBT (MantisBT) versions 2.28.0 and 2.28.1 permit a low-privileged authenticated user with add_profile_threshold to create a global profile by tampering with the user_id in a profile-creation request, enabling an authorization bypass. The issue is fixed in version 2.28.2. Affected component: ...

EUVD•added 2026/05/19 12:29 a.m.•10 views

EUVD-2026-30820

CNNVD•added 2026/05/19 12:0 a.m.•7 views

Mantis Bug Tracker 访问控制错误漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker 2.28.1 and earlier contained a access control vulnerability. This vulnerability stemmed from insufficient access control checks in the ProjectUsersAddCommand, allowing users...

5.1CVSS5.8AI score0.00427EPSS

Positive Technologies•added 2026/05/19 12:0 a.m.•20 views

PT-2026-45478

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11 Linux kernel versions prior to 6.18.34 Linux kernel versions prior to 6.12.92 Linux kernel versions prior to 6.6.142 Linux kernel versions prior to 6.1.175 Linux kernel versions prior to 5.15.209 Linux...

9.8CVSS6AI score0.93418EPSS

Exploits34References492

OSV•added 2026/05/18 9:16 p.m.•2 views

DEBIAN-CVE-2026-8851

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

8.6CVSS6.1AI score0.00316EPSS

ATTACKERKB•added 2026/05/18 9:16 p.m.•9 views

CVE-2026-27891

FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadi...

7.2CVSS5.8AI score0.00522EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/05/18 9:16 p.m.•30 views

CVE-2026-27891 Remote Code Execution (RCE) via Zip Slip in Plugin Upload Mechanism

7.2CVSS0.00522EPSS

Exploits0References2

RedhatCVE•added 2026/05/18 7:58 p.m.•6 views

CVE-2025-4202

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cfaddcomment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers...

4.3CVSS5.9AI score0.00237EPSS