CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/04/14 11:12 p.m.•3 views

Cross-site Request Forgery (CSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the handling of certain admin JSON endpoints, specifically categoryAddNew.json.php, categoryDelete.json.php, and...

7.1CVSS6AI score0.00166EPSS

Exploits1References2

RedhatCVE•added 2026/04/14 7:24 p.m.•4 views

CVE-2026-6118

A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function addmcpserver of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack is possible to be carried out...

6.5CVSS6.3AI score0.02304EPSS

RedhatCVE•added 2026/04/14 7:23 p.m.•5 views

CVE-2026-6037

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. This manipulation of the argument BRANCHID causes sql injection. The attack is possible to be carried out remotely. The exploit has be...

7.5CVSS6.9AI score0.00259EPSS

Information Security Automation•added 2026/04/14 3:0 p.m.•7 views

About Remote Code Execution - Adobe Reader (CVE-2026-34621) vulnerability

About Remote Code Execution - Adobe Reader CVE-2026-34621 vulnerability. Adobe Acrobat Reader from 2003 to 2015, "Adobe Reader" is a free PDF viewer developed by Adobe. Versions are available for Windows, macOS, Android, and iOS. The remote code execution vulnerability in Adobe Acrobat for Window...

8.6CVSS8.2AI score0.07086EPSS

Exploits4

Tenable Nessus•added 2026/04/14 12:0 a.m.•1 views

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2NITRO-ENCLAVES-2026-096 (ALASNITRO-ENCLAVES-2026-096)

The version of oci-add-hooks installed on the remote host is prior to 0-0.8.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-096 advisory. url.Parse insufficiently validated the host/authority component and accepted some...

Amazon•added 2026/04/14 12:0 a.m.•6 views

Medium: oci-add-hooks

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.0052EPSS

Exploits0

Tenable Nessus•added 2026/04/14 12:0 a.m.•5 views

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2DOCKER-2026-110 (ALASDOCKER-2026-110)

The version of oci-add-hooks installed on the remote host is prior to 0-0.8.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-110 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

Tenable Nessus•added 2026/04/14 12:0 a.m.•3 views

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2ECS-2026-104 (ALASECS-2026-104)

The version of oci-add-hooks installed on the remote host is prior to 0-0.8.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-104 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

Amazon•added 2026/04/14 12:0 a.m.•8 views

Medium: oci-add-hooks

7.5CVSS5.9AI score0.0052EPSS

Exploits0

Amazon•added 2026/04/14 12:0 a.m.•8 views

Medium: oci-add-hooks

7.5CVSS5.9AI score0.0052EPSS

Exploits0

RedhatCVE•added 2026/04/13 7:23 p.m.•2 views

CVE-2026-5144

The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This is due to the group blog settings handler accepting the groupblog-blogid, default-member, and groupblog-silent-add parameters from user input without proper...

8.8CVSS5.6AI score0.00406EPSS

Packet Storm•added 2026/04/13 12:0 a.m.•70 views

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Prima Nota module. CVE-2026-24419: OpenSTAManager has a SQL Injection in the Prima Nota module Overview | Field | Details | |---|---| | CVE ID | CVE-2026-24419 | | Severity | HIGH | | Advisory | View...

8.7CVSS5.9AI score0.00344EPSS

Exploits3

Tenable Nessus•added 2026/04/13 12:0 a.m.•0 views

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2026-1575)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1575 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or...