8320 matches found
GHSA-C5W7-M8WF-XC77 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates
Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...
Missing Authorization
Overview org.apache.nifi:nifi-web-api is a system to process and distribute data. Affected versions of this package are vulnerable to Missing Authorization when updating configuration properties on extension components with restricted permissions. An attacker can modify sensitive configuration...
CVE-2026-25903
Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...
CVE-2026-25903 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates
Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...
ROS-20260216-73-0037
A vulnerability in the AWT and JavaFX components of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is associated with insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker acting...
WordPress plugin Element Pack Addons for Elementor path traversal vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
Nikto Web Scanner 2.6.0
Nikto is an Open Source GPL web server scanner which performs comprehensive tests against web servers for multiple items, including thousands of potentially dangerous files/programs, checks for outdated versions of over 1500 server components, and version specific problems on hundreds of servers...
Arduino App Lab operating system command injection vulnerability
Arduino App Lab is an integrated development environment for developing Arduino applications, based on the open-source Arduino framework. Versions of Arduino App Lab prior to 0.4.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from insufficien...
@cognigy/cognigy-cli (>=1.9.7 <=2.1.0), @meta-1/nest-ai (>=0.0.1 <=0.0.5) +10 more potentially affected by CVE-2026-26019 via @langchain/community (>=1.0.0 <=1.1.12)
@langchain/community NPM version =1.0.0, =1.9.7, =0.0.1, =0.2.0, =0.0.16, =1.4.13, =1.0.0, =3.1.0, =0.3.0, =0.0.210, =0.1.1, =0.1.2 Source cves: CVE-2026-26019 Source advisory: SNYK:JS-LANGCHAINCOMMUNITY-15268428...
SUSE SLES15 / openSUSE 15 Security Update : freerdp (SUSE-SU-2026:0417-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0417-1 advisory. - CVE-2026-22852: a malicious RDP server can trigger a heap-buffer-overflow in audinprocessformats bsc1256718. - CVE-2026-22854:...
GHSA-H355-32PF-P2XM vulnerabilities
Vulnerabilities for packages: nri-redis, aws-eks-pod-identity-agent, kind, kubewatch, doppler-kubernetes-operator, kargo, frp, pgpool2exporter, secrets-store-csi-driver-provider-gcp, gitness, cloudprober, task, podman, rancher-telemetry, osv-scanner, aws-application-networking-k8s, kube-bench,...
Exploit for Deserialization of Untrusted Data in Facebook React
Affected Software: React Server Components versions 19.0.0, 1...
RLSA-2026:2220 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.7,...
RHEL 10 : thunderbird (RHSA-2026:2286)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:2286 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Spoofing issue in the Downloads Panel component...
Next.js 15 Remote Code Execution
A PHP-based proof of concept implementation demonstrating the critical remote code execution vulnerability in React Server Components RSC Flight protocol, affecting React and Next.js applications...
Malicious Package
Overview @rdxportal/ui-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in @rdxportal/ui-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6715dad49a0781dc55e72ae77bd13276de1564d08cfd1c0a3c3aebf37b72acc The package @rdxportal/ui-components was found to contain malicious code. Source: ghsa-malware...
MAL-2026-796 Malicious code in @rdxportal/ui-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6715dad49a0781dc55e72ae77bd13276de1564d08cfd1c0a3c3aebf37b72acc The package @rdxportal/ui-components was found to contain malicious code. Source: ghsa-malware...