CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added yesterday•3 views

PT-2026-45946

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trust remote code parameter, intended to prevent remote code execution, ...

8CVSS7.9AI score

NVD•added 3 days ago•5 views

CVE-2022-4991

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an...

7.4CVSS0.00049EPSS

EUVD•added 3 days ago•6 views

EUVD-2022-55995

6.3AI score0.00049EPSS

RedhatCVE•added 3 days ago•5 views

CVE-2026-9759

A flaw was found in the ROHC dissector in Wireshark. This issue occurs when malformed packets are decoded from a pcap file or the network, causing a NULL pointer dereference, resulting in a denial of service. Mitigation If the ROHC protocol dissector is not being used, it can be disabled via the...

5.5CVSS5.7AI score0.0001EPSS

Exploits0References5

NVD•added 3 days ago•9 views

CVE-2026-25600

The PDBM application relies on a static, hard‑coded secret embedded in the PDBM.exe executable. This secret is used by the application’s encryption routines, including the function responsible for decrypting credentials stored in the product’s configuration file. Because the secret is constant...

6.4CVSS0.00007EPSS

ATTACKERKB•added 3 days ago•7 views

CVE-2026-25600

Vulnrichment•added 3 days ago•6 views

Exploits0References2

CVE-2026-25600 Credential Exposure Vulnerability in Trac PDBM

CVE•added 3 days ago•8 views

CVE-2026-25600

The CVE describes a local-privilege escalation in the PDBM application caused by a hard-coded secret embedded in PDBM.exe that is reused by encryption routines to decrypt credentials in the configuration file. Because the secret is constant across installations, an attacker with sufficient local ...

EUVD•added 3 days ago•8 views

EUVD-2026-33619

NVD•added 3 days ago•8 views

CVE-2026-10222

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function sanitizeenvlines of the file hermescli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires a high level of...

6.3CVSS0.00047EPSS

Exploits0References5

Nuclei•added 3 days ago•1334 views

Gitea 1.1.0 - 1.12.5 - Remote Code Execution

Gitea 1.1.0 through 1.12.5 is susceptible to authenticated remote code execution, via the git hook functionality, in customer environments where the documentation is not understood e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the...

7.2CVSS7.8AI score0.93529EPSS

Exploits12References5

Exploit DB•added 5 days ago•43 views

Notepad++ 8.9.6 - Arbitrary Code Execution

Exploit Title: Notepad++ 8.9.6 - Arbitrary Code Execution Date: 2026-05-30 Exploit Author: Kavin Jindal Avyukt Security https://www.linkedin.com/in/kavin-jindal/ Vendor Homepage: https://notepad-plus-plus.org Software Link: https://notepad-plus-plus.org/downloads/v8.9.6/ Version: from config.xml...

5.8AI score

Exploits4

CVE•added 2026/05/27 7:58 p.m.•7 views

CVE-2026-48065

The CVE-2026-48065 issue affects pam_usb for Linux prior to version 0.9.1. In src/conf.c, heap memory is allocated as size proportional to n_devices (derived from libxml2 XPath on the config file) without an upper bound. On 32-bit targets (armv7l, i686 listed in the Makefile), n_devices * sizeof(...

6.7CVSS5.9AI score0.00022EPSS

RedhatCVE•added 2026/05/27 9:40 a.m.•4 views

CVE-2025-51427

A flaw was found in ModelScope. This vulnerability allows a remote attacker to execute arbitrary code by providing a specially crafted module within the configuration file deymini.yaml under the 'nnet.module' key. Successful exploitation could lead to complete system compromise...

8.1CVSS6.1AI score0.00045EPSS

Exploits0References6

CNNVD•added 2026/05/22 12:0 a.m.•5 views

Typebot 安全漏洞

Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.15.2 and earlier contained a security vulnerability. This vulnerability stemmed from the lack of cleanup for configuration file upload forms or the absence of restrictions on SVG/XML uploads, which coul...

8.5CVSS5.7AI score0.00052EPSS

Exploits0References2

EUVD•added 2026/05/20 6:39 p.m.•6 views

EUVD-2026-31152

XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17 allow access to read configuration files by using URLs such as http://localhost:8080/bin/ssx/Main/WebHome?resource=/../../WEB-INF/xwiki.cfg&minify=false, leading to Path Traversal. The...

9.3CVSS5.7AI score0.00051EPSS

OSSF Malicious Packages•added 2026/05/20 9:43 a.m.•5 views

Malicious code in gm-kilo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4a35ea8669a2b02f60117ecc483176741399084b0fbebf11900d0a89505d9fb package.json declares an install lifecycle script that runs bin/gm-kilo.js install. At install time, the script executes bun x gm-plugkit@latest spoo...

6.2AI score