CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/14 5:30 a.m.•31 views

CVE-2026-8181

CVE-2026-8181 affects Burst Statistics – Privacy-Friendly WordPress Analytics (v3.4.0–3.4.1.1). Root cause: is_mainwp_authenticated() passes authentication when wp_authenticate_application_password() returns null outside the REST API, because the code only checks for WP_Error. This allows an unau...

9.8CVSS5.8AI score0.14608EPSS

In wildExploits9References10

Positive Technologies•added 2026/05/14 12:0 a.m.•9 views

PT-2026-40955

HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potential interception or misuse, especially if not combined with secure transmission practices...

3CVSS5.8AI score0.00137EPSS

Exploits0References2

CNNVD•added 2026/05/14 12:0 a.m.•9 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the use of basic authorization tokens for authentication. This vulnerability may lead to credentials being intercepted or abused...

3CVSS5.8AI score0.00137EPSS

Tenable Nessus•added 2026/05/14 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-44240

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline...

NVD•added 2026/05/12 9:16 p.m.•14 views

CVE-2026-44240

basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before...

7.5CVSS0.00465EPSS

OSV•added 2026/05/12 9:16 p.m.•8 views

UBUNTU-CVE-2026-44240

CVE•added 2026/05/12 8:37 p.m.•18 views

CVE-2026-44240

CVE-2026-44240 affects the Node.js FTP client basic-ftp . Before version 5.3.1, the client is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious FTP server can send an unterminated multiline response during the initial banner phase, causi...

Debian CVE•added 2026/05/12 8:37 p.m.•8 views

CVE-2026-44240

RedhatCVE•added 2026/05/12 8:20 a.m.•7 views

Exploits0

CVE-2026-8234

A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit h...

Positive Technologies•added 2026/05/12 12:0 a.m.•8 views

PT-2026-42855

Name of the Vulnerable Software and Affected Versions Botan versions prior to 3.12.0 Description Certain patterns of indefinite length encodings in Basic Encoding Rules BER data can cause quadratic behavior in the parser, leading to a denial of service. These BER encodings were accepted even in...

7.5CVSS5.8AI score0.00324EPSS

Exploits0References8

CNNVD•added 2026/05/12 12:0 a.m.•6 views

Basic FTP 资源管理错误漏洞

Basic FTP is a Node.js FTP client library developed by Patrick Juchli. Versions of Basic FTP prior to 5.3.1 had a resource management vulnerability. This vulnerability stemmed from the lack of restrictions on the size of control responses when parsing multiple lines of the FTP control channel...

7.5CVSS5.8AI score0.00465EPSS

RedhatCVE•added 2026/05/11 8:26 p.m.•7 views

CVE-2026-42333

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security...

6.3CVSS5.7AI score0.004EPSS

IBM Security Bulletins•added 2026/05/11 6:21 p.m.•7 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2026-27699)

Summary There are vulnerabilities in basic-ftp-5.0.3.tgz, basic-ftp-5.0.5.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-27699. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-27699 DESCRIPTION: The basic-ftp FTP client library for Node.js...

9.8CVSS7.3AI score0.00528EPSS

Exploits2Affected Software1

OSV•added 2026/05/11 2:45 p.m.•4 views

GHSA-587R-MC96-6F2P GuardDog has a blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration

Summary The programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an attacker who can influence the scanned repository URL to trigger SSRF and...

8.2CVSS5.9AI score0.00198EPSS

OSV•added 2026/05/11 1:14 p.m.•6 views

CLSA-2026-1778505256 python: Fix of 2 CVEs

CVE-2021-3733: fix ReDoS in urllib2 AbstractBasicAuthHandler regex; the legacy '?:.,' prefix is replaced with the upstream-3.x form '?:^|,' and the scheme charset excludes ',' to prevent quadratic backtracking on crafted WWW-Authenticate headers - CVE-2021-23336: stop accepting ';' as a default...

6.5CVSS6.9AI score0.37325EPSS

Exploits2References1

EUVD•added 2026/05/10 9:31 a.m.•13 views

EUVD-2026-28987

Vulnrichment•added 2026/05/10 6:0 a.m.•6 views

Exploits0References5

CVE-2026-8234 EFM ipTIME A8004T WifiBasicSet formWifiBasicSet stack-based overflow

ATTACKERKB•added 2026/05/10 6:0 a.m.•4 views

Exploits0References4

CVE-2026-8234