CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/05/22 12:0 a.m.•8 views

PT-2026-42729

Name of the Vulnerable Software and Affected Versions Easy Elements for Elementor – Addons & Website Templates versions prior to 1.4.6 Description An issue exists in the easyel handle register function where the wp ajax nopriv eel register AJAX handler processes the custom meta POST array. The...

8.8CVSS5.7AI score0.00029EPSS

Exploits1References9

OSV•added 2026/05/20 11:55 a.m.•3 views

BIT-DISCOURSE-2026-32244 Discourse: Cached outdated summaries can leak removed content

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4, 2026.3.1,...

NVD•added 2026/05/19 12:16 a.m.•8 views

CVE-2026-32244

5.3CVSS0.00092EPSS

ATTACKERKB•added 2026/05/19 12:4 a.m.•5 views

CVE-2026-32244

Exploits0References2Affected Software1

EUVD•added 2026/05/19 12:4 a.m.•7 views

EUVD-2026-30815

CVE•added 2026/05/19 12:4 a.m.•10 views

CVE-2026-32244

Discourse: Cached outdated AI summaries can leak removed content to anonymous/unprivileged users who cannot regenerate summaries. Affected in versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest. Fixed in those versions. Remediation: upgrade to 2026.1.4, 2026.3.1, 2026.4.1, or 2026....

Exploits0References1Affected Software1

Vulnrichment•added 2026/05/19 12:4 a.m.•6 views

CVE-2026-32244 Discourse: Cached outdated summaries can leak removed content

Positive Technologies•added 2026/05/19 12:0 a.m.•11 views

PT-2026-41758

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.1.4 Discourse versions prior to 2026.3.1 Discourse versions prior to 2026.4.1 Discourse versions prior to 2026.5.0-latest.1 Description Outdated cached AI summaries can leak removed content to anonymous and...

CVE•added 2026/05/07 9:7 p.m.•17 views

Exploits0References6

CVE-2026-7891

The CVE-2026-7891 entry documents an authorization misconfiguration in The VerySecureApp (DIVD) built with Mendix Studio Pro 11.8.0 Beta. Anonymous users in the MyFirstModule, tied to the anonymous user role, can access all stored records even when no explicit access rights exist for that role. T...

9.3CVSS5.8AI score0.00059EPSS

Cvelist•added 2026/05/07 9:7 p.m.•28 views

CVE-2026-7891

The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though no access rights a...

9.3CVSS0.00059EPSS

CNNVD•added 2026/05/07 12:0 a.m.•5 views

Siemens Mendix Studio Pro 安全漏洞

Siemens Mendix Studio Pro is a visualization model-driven IDE developed by the German company Siemens. Versions of Siemens Mendix Studio Pro 11.8.0 Beta and earlier contained security vulnerabilities. These vulnerabilities were caused by incorrect authorization configurations, which could allow...

9.3CVSS5.8AI score0.00059EPSS

OSV•added 2026/04/29 3:30 p.m.•1 views

GHSA-W22P-4X9F-486V Jenkins GitHub Plugin has an XSS vulnerability

In Jenkins GitHub Plugin versions 1.46.0 and earlier, the JavaScript that validates the "GitHub hook trigger for GITScm polling" feature improperly processes the current job URL. This results in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with Overall/Re...

9CVSS5.9AI score0.00049EPSS

Positive Technologies•added 2026/04/29 12:0 a.m.•2 views

PT-2026-35917

Name of the Vulnerable Software and Affected Versions Jenkins GitHub Plugin versions prior to 1.46.1 Description Improper processing of the current job URL within the JavaScript used to validate the "GitHub hook trigger for GITScm polling" feature allows non-anonymous attackers with Overall/Read...

9CVSS6AI score0.00049EPSS

Exploits0References5

CNNVD•added 2026/02/26 12:0 a.m.•3 views

Discourse 安全漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse before 2025.12.2, 2026.1.1, and 2026.2.0 contain security vulnerabilities. These vulnerabilities stem...

7.5CVSS5.8AI score0.00064EPSS

RedhatCVE•added 2026/01/16 2:23 p.m.•4 views

CVE-2026-0713

A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...

8.3CVSS6.7AI score0.00037EPSS

RedhatCVE•added 2026/01/07 9:9 a.m.•6 views

CVE-2024-2862

This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant...

9.8CVSS7.2AI score0.74563EPSS

vulnersOsv•added 2025/10/21 9:33 p.m.•5 views

com.liferay.content-targeting:com.liferay.content.targeting.analytics.api (>=2.0.1 <=3.0.0), com.liferay.content-targeting:com.liferay.content.targeting.anonymous.users.api (>=2.0.1 <=2.0.2) +316 more potentially affected by CVE-2025-62249 via com.liferay.portal:com.liferay.portal.impl (>=114.1.0 <=62.0.1)

com.liferay.portal:com.liferay.portal.impl MAVEN version =114.1.0, =2.0.1, =2.0.1, =3.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.20, =1.0.0, =1.0.0, =2.0.13 and more Source cves: CVE-2025-62249 Source a...

6.9CVSS5.8AI score0.00025EPSS

Exploits0

RedhatCVE•added 2025/10/16 4:1 p.m.•2 views

CVE-2025-61933

A reflected cross-site scripting XSS vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.1CVSS5.8AI score0.00033EPSS