CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/05 7:14 p.m.•6 views

CVE-2026-4345

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

7.1CVSS5.9AI score0.00204EPSS

RedhatCVE•added 2026/06/05 7:14 p.m.•4 views

CVE-2026-4145

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges...

8.5CVSS6.2AI score0.00196EPSS

RedhatCVE•added 2026/06/05 7:14 p.m.•7 views

CVE-2026-22619

Eaton Intelligent Power Protector IPP is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on th...

9.9CVSS6.1AI score0.00324EPSS

RedhatCVE•added 2026/06/05 7:14 p.m.•9 views

CVE-2026-40504

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

9.8CVSS6.5AI score0.0064EPSS

RedhatCVE•added 2026/06/05 7:12 p.m.•8 views

CVE-2026-39454

SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may b...

8.5CVSS7.4AI score0.00112EPSS

RedhatCVE•added 2026/06/05 7:12 p.m.•7 views

CVE-2026-44643

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2...

10CVSS6.1AI score0.00476EPSS

RedhatCVE•added 2026/06/05 7:11 p.m.•8 views

CVE-2026-44262

Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation, leading to execution of...

9.4CVSS5.9AI score0.0586EPSS

Exploits3References1

NVD•added 2026/06/05 6:17 p.m.•12 views

CVE-2026-50733

Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval, allowing arbitrary JavaScript execution. The flaw affects every render path - the live preview window.eval and presentation mode plus HTML export the bundled WaveDrom.ProcessAll/ev...

8.8CVSS0.00362EPSS

NVD•added 2026/06/05 6:17 p.m.•8 views

CVE-2026-49493

Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS, which evaluates the block content as code via vm.runInNewContext, allowing arbitrary code execution. A crafted markdown document containing a malicious bitfield code block executes attacker-controlled cod...

8.8CVSS0.00327EPSS

CVE•added 2026/06/05 5:49 p.m.•17 views

CVE-2026-50733

Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), enabling arbitrary JavaScript execution across render paths (live preview, presentation mode, and HTML export via WaveDrom.ProcessAll()/eva()). Attack vector includes a crafted m...

8.8CVSS5.8AI score0.00362EPSS

Cvelist•added 2026/06/05 5:49 p.m.•31 views

CVE-2026-50733 Markdown Preview Enhanced Arbitrary Code Execution via WaveDrom eval()

8.8CVSS0.00362EPSS

Vulnrichment•added 2026/06/05 5:49 p.m.•8 views

CVE-2026-50733 Markdown Preview Enhanced Arbitrary Code Execution via WaveDrom eval()

8.8CVSS5.8AI score0.00362EPSS

Cvelist•added 2026/06/05 5:49 p.m.•29 views

CVE-2026-49493 Markdown Preview Enhanced Arbitrary Code Execution via Bitfield interpretJS()

8.8CVSS0.00327EPSS

CVE•added 2026/06/05 5:49 p.m.•23 views

CVE-2026-49493

Markdown Preview Enhanced prior to 0.8.28 runs Bitfield fenced code blocks containing interpretJS(), which evaluates code via vm.runInNewContext(), enabling arbitrary server-side code execution when rendering or exporting a document. The issue’s root cause is that Bitfield definitions were treate...

8.8CVSS5.9AI score0.00327EPSS

Snyk•added 2026/06/05 4:14 p.m.•13 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the NTFS handler that miscalculates compression-unit buffer size in GetCuSize function. An attacker can achieve arbitrary code execution or application crash by sending data with specially crafted...

8.8CVSS6.4AI score0.00938EPSS

Exploits1References4

OSV•added 2026/06/05 3:48 p.m.•7 views

OESA-2026-2571 gvfs security update

Gvfs is a userspace virtual filesystem implementation for GIO a library available in GLib. It comes with a set of backends, including trash support, SFTP, SMB, HTTP, DAV, and many others. Gvfs also contains modules for GIO that implement volume monitors and persistent metadata storage. Security...

4.3CVSS8.4AI score0.0036EPSS

Exploits2References2

OSV•added 2026/06/05 3:48 p.m.•8 views

OESA-2026-2547 htslib security update

HTSlib is an implementation of a unified C library for accessing common file formats, such as SAM, CRAM and VCF, used for high-throughput sequencing data, and is the core library used by samtools and bcftools. HTSlib only depends on zlib. It is known to be compatible with gcc, g++ and clang. HTSl...

8.8CVSS6.2AI score0.00361EPSS