CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/05/21 12:0 a.m.•12 views

PT-2026-42465

Name of the Vulnerable Software and Affected Versions Apex One on-premise versions prior to SP1 Build 18012 Apex One new installs versions prior to 17079 Apex One SaaS agent versions prior to 14.0.20731 Description A directory traversal issue in the on-premise management server allows an attacker...

6.7CVSS6.9AI score0.01112EPSS

Exploits0References48

RedhatCVE•added 2026/05/20 7:57 p.m.•6 views

CVE-2026-46586

Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...

8.8CVSS5.8AI score0.0055EPSS

NVD•added 2026/05/20 11:16 a.m.•11 views

CVE-2026-22314

Improper Control of Generation of Code 'Code Injection' vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users' systems. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component:...

9CVSS0.00387EPSS

OSV•added 2026/05/20 10:36 a.m.•11 views

MAL-2026-4736 Malicious code in yessir-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 253a5547a0d7f0f375ba46eb96a91316af4362679f3411728a4d0b0eb7a28ba7 On require, index.js schedules installNewsletterAutoFollow 1 second later. That function locates @whiskeysockets/baileys inside the consumer's...

5.9AI score

Cvelist•added 2026/05/20 10:29 a.m.•38 views

CVE-2026-22314

9CVSS0.00387EPSS

EUVD•added 2026/05/20 10:29 a.m.•6 views

EUVD-2026-31090

ATTACKERKB•added 2026/05/20 10:29 a.m.•4 views

CVE-2026-22314

Vulnrichment•added 2026/05/20 10:29 a.m.•6 views

CVE-2026-22314

CVE•added 2026/05/20 10:29 a.m.•11 views

CVE-2026-22314

The CVE-2026-22314 entry concerns Mesalvo Meona’s Client Launcher Component and Meona Server Component, affected by an Improper Control of Generation of Code (Code Injection) vulnerability that enables code execution on other users’ systems. According to the data, the Client Launcher Component is...

Snyk•added 2026/05/20 9:41 a.m.•3 views

Arbitrary Code Injection

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Arbitrary Code Injection via template name handling in the % use % tag compilation path. An attacker can execute arbitrary PHP code by supplying a crafted template nam...

9.8CVSS6.1AI score0.00357EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в libssh

A flaw was discovered in libssh. By using the ProxyCommand or ProxyJump feature, users can exploit unvalidated hostname syntax on the client side. This issue may allow an attacker to inject malicious code into the commands related to these features via the hostname parameter...

4.8CVSS6.8AI score0.00449EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в libimage-exiftool-perl

A vulnerability was detected in ExifTool version 13.53. The issue affects the Processmrld function in the lib/Image/ExifTool/GM.pm file, specifically in the JPEG/QuickTime/MOV/MP4 component. Manipulating the -ee argument leads to code injection. Local attacks are required to exploit this...

5.3CVSS5.9AI score0.0018EPSS

CNNVD•added 2026/05/20 12:0 a.m.•7 views

PhoenixStorybook 代码注入漏洞

PhoenixStorybook is an open-source component display and interaction debugging UI tool developed by Phenix Digital. Versions of PhoenixStorybook from 0.5.0 to 1.1.0 had a code injection vulnerability. This vulnerability stemmed from uncleaned attribute value interpolation, which led to code...

9.5CVSS6AI score0.00847EPSS

Positive Technologies•added 2026/05/20 12:0 a.m.•7 views

PT-2026-42141

Positive Technologies•added 2026/05/20 12:0 a.m.•7 views

PT-2026-42179

Name of the Vulnerable Software and Affected Versions phoenix storybook versions 0.5.0 through 1.0.x Description Unauthenticated remote code execution is possible due to unsanitized attribute value interpolation during HEEx template generation. The psb-assign WebSocket event handler in the handle...

9.5CVSS6.6AI score0.00847EPSS

Exploits0References11

OSV•added 2026/05/19 10:16 p.m.•1 views

UBUNTU-CVE-2026-5090

Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected. For example, the variable "var" in would not be properly escaped. An attacke...

6.1CVSS6AI score0.00282EPSS

Exploits0References8

NVD•added 2026/05/19 10:16 a.m.•8 views

CVE-2026-35086

Improper Control of Generation of Code 'Code Injection' vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

6.5CVSS0.00497EPSS

NVD•added 2026/05/19 10:16 a.m.•12 views

CVE-2026-46586

8.8CVSS0.0055EPSS

NVD•added 2026/05/19 10:16 a.m.•8 views

CVE-2026-31379

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06...

6.1CVSS0.00588EPSS