CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added 18 hours ago•9 views

WP BASE Booking - Reflected XSS

WP BASE Booking of Appointments, Services and Events WordPress plugin 5.0.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to...

6.1CVSS7.6AI score0.01485EPSS

Exploits1References1

RedhatCVE•added 20 hours ago•7 views

CVE-2026-44973

Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcement may allow crafted paths e.g., using .. to escape intended base directories. While go-billy was...

8.1CVSS5.5AI score0.00059EPSS

NVD•added yesterday•10 views

CVE-2026-11458

A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be...

6.9CVSS0.00032EPSS

ATTACKERKB•added yesterday•8 views

CVE-2026-11458

CVE•added yesterday•18 views

CVE-2026-11458

CVE-2026-11458 affects erzhongxmu JeeWMS Boot Actuator Endpoint. The weakness involves the handling of the /base-boot/actuator path, where a manipulation can cause information disclosure. The vulnerability is exploitable remotely, and exploits have been made public. JeeWMS is on a rolling release...

Cvelist•added yesterday•32 views

CVE-2026-11458 erzhongxmu JeeWMS Boot Actuator Endpoint actuator information disclosure

6.9CVSS0.00032EPSS

Vulnrichment•added yesterday•3 views

CVE-2026-11458 erzhongxmu JeeWMS Boot Actuator Endpoint actuator information disclosure

RedhatCVE•added yesterday•4 views

CVE-2026-11071

An use after free flaw was found in the Base component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=499227659...

8.8CVSS5.4AI score0.00068EPSS

RedhatCVE•added yesterday•4 views

CVE-2026-11047

An insufficient validation of untrusted input flaw was found in the Base component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498768132...

9.6CVSS5.4AI score0.00066EPSS

Positive Technologies•added yesterday•8 views

PT-2026-47180

SUSE CVE•added 2 days ago•4 views

Exploits0References6

SUSE CVE-2026-11071

Use after free in Base in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS5.5AI score0.00068EPSS

Exploits0References3

RedhatCVE•added 3 days ago•6 views

CVE-2026-20449

In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I...

6.5CVSS6.1AI score0.00032EPSS

6.5CVSS5.7AI score0.00029EPSS

CVE-2026-20450

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch...

RedhatCVE•added 3 days ago•7 views

CVE-2026-8786

A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is...

6.5CVSS6AI score0.00035EPSS

Exploits1References1

RedhatCVE•added 3 days ago•6 views

CVE-2026-35400

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, an endpoint in the publication module was incorrectly trusting the baseURL submitted by a user's PO...

4.3CVSS5.5AI score0.00044EPSS

RedhatCVE•added 3 days ago•6 views

CVE-2025-31973

HCL BigFix Service Management SM is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment...

9.8CVSS5.5AI score0.00027EPSS

5.4CVSS5.3AI score0.00031EPSS

CVE-2026-40230

Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc.This issue affects helpy: 2.8.0...

Exploits1References1

9.1CVSS7.3AI score0.00038EPSS

CVE-2026-34279

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Event Management. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...

7.1CVSS5.5AI score0.00042EPSS

CVE-2026-41935

Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispatch cycle where Base::init repeatedly invokes permission on error handlers, causing infinite recursion until PHP memory limits are exhausted. Attackers can send sustained requests to forbidden admin...