CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/29 1:32 p.m.•31 views

CVE-2026-44698

CVE-2026-44698 affects the Home Assistant Companion apps for Android and iOS, where a JavaScript bridge exposed to in-app WebView could be reached by all frames. The root cause is the bridge exposure along with unsanitized interpolation of the JavaScript callback identifier, allowing a cross-orig...

Vulnrichment•added 2026/05/29 1:32 p.m.•14 views

CVE-2026-44698 Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection

ATTACKERKB•added 2026/05/29 1:32 p.m.•5 views

CVE-2026-44698

Exploits0References2Affected Software3

Cvelist•added 2026/05/29 1:32 p.m.•30 views

CVE-2026-44698 Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection

8.3CVSS0.00114EPSS

NVD•added 2026/05/29 9:16 a.m.•17 views

CVE-2026-6075

The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35 This is due to missing nonce verification on the bulk action handlers in the settings tab handlers. This makes it possible for unauthenticated attackers to trick an...

8.1CVSS0.00222EPSS

OSV•added 2026/05/29 8:48 a.m.•8 views

BIT-MLFLOW-2026-2611 Improper Origin Validation in mlflow/mlflow

In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...

9.6CVSS7.6AI score0.00294EPSS

Exploits1References3

CVE•added 2026/05/29 7:46 a.m.•12 views

CVE-2026-6075

The Media Library Assistant WordPress plugin is affected by a Cross-Site Request Forgery (CSRF) vulnerability up to version 3.35 due to missing nonce verification on bulk action handlers in the settings tab. This could allow an unauthenticated attacker to trick an administrator into performing bu...

Vulnrichment•added 2026/05/29 7:46 a.m.•6 views

CVE-2026-6075 Media Library Assistant <= 3.35 - Cross-Site Request Forgery via Bulk Action Form

Cvelist•added 2026/05/29 7:46 a.m.•35 views

CVE-2026-6075 Media Library Assistant <= 3.35 - Cross-Site Request Forgery via Bulk Action Form

8.1CVSS0.00222EPSS

EUVD•added 2026/05/29 7:46 a.m.•10 views

EUVD-2026-33258

CNNVD•added 2026/05/29 12:0 a.m.•7 views

Home Assistant 安全漏洞

Home Assistant is an open-source family automation management system developed by Home Assistant. This system is primarily used to control household automation devices. Versions of Home Assistant prior to 2026.4.1 for iOS and 2026.4.4 for Android have security vulnerabilities. These vulnerabiliti...

CNNVD•added 2026/05/29 12:0 a.m.•5 views

WordPress plugin Media Library Assistant 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Positive Technologies•added 2026/05/29 12:0 a.m.•6 views

PT-2026-44845

Name of the Vulnerable Software and Affected Versions Home Assistant Companion app for iOS versions prior to 2026.4.1 Home Assistant Companion app for Android versions prior to 2026.4.4 Description The Home Assistant Companion apps for Android and iOS expose a JavaScript bridge to the in-app...

8.3CVSS6AI score0.00114EPSS

Exploits0References4

Patchstack•added 2026/05/28 6:57 p.m.•5 views

WordPress Media Library Assistant plugin <= 3.35 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Media LIbrary Assistant versions = 3.35...