CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1078857 matches found

CVE-2026-11420

Two path traversal vulnerabilities in the Network Installation Service NIS of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No authentication, session...

10CVSS6.4AI score0.00676EPSS

Exploits0References1

RedhatCVE•added yesterday•8 views

CVE-2026-11419

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded,...

9.4CVSS6AI score0.00422EPSS

Exploits0References1

RedhatCVE•added yesterday•8 views

CVE-2026-11422

Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...

8.4CVSS6AI score0.00019EPSS

Exploits0References1

RedhatCVE•added yesterday•7 views

CVE-2026-11429

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4CVSS6.4AI score0.00437EPSS

Exploits0References1

RedhatCVE•added yesterday•8 views

CVE-2026-46400

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attacker...

8.7CVSS5.9AI score0.00321EPSS

Exploits0References1

OSV•added 2 days ago•3 views

MINI-9J34-WMQ5-QX94

Bulletin has no description...

5.2AI score

Exploits0

OSV•added 2 days ago•3 views

ECHO-B5F1-63A7-4F7C

Bulletin has no description...

6.9CVSS5.2AI score0.00014EPSS

Exploits0References1

GithubExploit•added 2 days ago•56 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx

FreePBX 16 — Unauthenticated SQLi to RCE Proof-of-concept exp...

10CVSS6.4AI score0.76952EPSS

Exploits18

GithubExploit•added 2 days ago•63 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx

CVE-2025-57819 — FreePBX Unauthenticated SQLi → RCE One-shot...

10CVSS6.9AI score0.76952EPSS

Exploits14

OSSF Malicious Packages•added 2 days ago•9 views

Malicious code in uhd-setup (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 358eee34aaba61eaa93e977d35a18f35f59a56527d7c20b6e9a0bdf9c4a0a8da The OpenSSF Package Analysis project identified 'uhd-setup' @ 99.0.0 npm as malicious. It is considered malicious because: - The package...

5.4AI score

Exploits0

RedhatCVE•added 2 days ago•9 views

CVE-2026-11334

A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This affects an unknown function of the file dashboardpage/forms/fetch.php. Performing a manipulation of the argument departmentcode results in...

7.5CVSS5.5AI score0.00033EPSS

Exploits0References1

RedhatCVE•added 2 days ago•8 views

CVE-2026-46394

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The application constructs shell command strings using unsanitized input and executes them via procopen. An...

7.7CVSS6.7AI score0.00894EPSS

Exploits0References1

RedhatCVE•added 2 days ago•8 views

CVE-2026-49493

Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS, which evaluates the block content as code via vm.runInNewContext, allowing arbitrary code execution. A crafted markdown document containing a malicious bitfield code block executes attacker-controlled cod...

8.8CVSS5.9AI score0.00067EPSS

Exploits0References1

RedhatCVE•added 2 days ago•8 views

CVE-2026-5411

The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the saveajax function of the licensing module,...

8.8CVSS6.1AI score0.00209EPSS

Exploits0References1

RedhatCVE•added 2 days ago•10 views

CVE-2026-46399

HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code execution on the HAX CM...

9.4CVSS6.1AI score0.0007EPSS

Exploits0References1

GithubExploit•added 2 days ago•44 views

zero2shell-50

ZeroToShell-50 🚀 A highly curated, containerized training g...

5.7AI score

Exploits0

GithubExploit•added 2 days ago•47 views

Exploit for Classic Buffer Overflow in Tp-Link Tl-Wr940N_Firmware

CVE-2024-54887 TypeScript PoC This repository contains a Type...

8CVSS5.4AI score0.01328EPSS

Exploits1