CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added yesterday•2 views

EulerOS 2.0 SP13 : systemd (EulerOS-SA-2026-2315)

According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.CVE-2026-40226 A flaw was...

6.7CVSS5.9AI score0.00026EPSS

Positive Technologies•added yesterday•3 views

PT-2026-48477

Affected: @hulumi/baseline 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-1059 Insufficient Technical Documentation / Behavioral Inconsistency Summary The S3 bucket that AccountFoundation creates to receive CloudTrail and AWS Config audit logs is meant to be tamper-resistant — if someone with...

7.1CVSS5.5AI score

Positive Technologies•added yesterday•4 views

PT-2026-48427

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to t...

5.5AI score

Positive Technologies•added yesterday•4 views

PT-2026-48442

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /config/versions////save interpolates the URL-path configver parameter directly into a config-version path that ends up at os.systemf"dos2unix -q cfg". configver is not run...

8.8CVSS5.5AI score

Positive Technologies•added yesterday•3 views

PT-2026-48600

Summary PDM writes several project-local state or configuration files without symlink protection. If a malicious repository places those files as symlinks, local PDM operations can overwrite the symlink targets. This creates an arbitrary file clobber primitive relative to the privileges of the...

6.8CVSS5.9AI score

RedhatCVE•added 2 days ago•5 views

CVE-2026-11554

A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. The attack may be initiated remotely. The exploit has been publicly disclosed and may be...

5.3CVSS5.2AI score0.0005EPSS

Exploits0References1

EUVD•added 2 days ago•4 views

EUVD-2026-35707

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

8.8CVSS6.7AI score0.00324EPSS

Exploits0References5

EUVD•added 2 days ago•4 views

EUVD-2026-35449

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

8.6CVSS5.5AI score0.00055EPSS

NVD•added 2 days ago•4 views

CVE-2026-49959

8.8CVSS0.00324EPSS

Vulnrichment•added 2 days ago•4 views

CVE-2026-49959 Hermes WebUI < 0.51.311 RCE via Git Configuration Injection

8.8CVSS6.7AI score0.00324EPSS

RedhatCVE•added 2 days ago•4 views

CVE-2026-11517

A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly...

9CVSS6.1AI score0.00043EPSS

Exploits0References1

RedhatCVE•added 2 days ago•7 views

CVE-2026-11492

A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to...

8.8CVSS5.1AI score0.00041EPSS

Exploits1References1

Cvelist•added 2 days ago•28 views

CVE-2026-11620 TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation

A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the publi...

6.9CVSS0.00096EPSS

EUVD•added 2 days ago•4 views

EUVD-2026-35294

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the...

6.5CVSS6.1AI score0.00042EPSS

Tenable Nessus•added 2 days ago•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-41004

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from...

4.4CVSS5.5AI score0.00008EPSS

Positive Technologies•added 2 days ago•4 views

PT-2026-48121

8.8CVSS6.7AI score0.00324EPSS

Exploits0References5

Tenable Nessus•added 2 days ago•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-40982

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud- config-server module. A malicious user, or attacker,...

9.1CVSS5.6AI score0.00168EPSS