CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2026/05/20 2:0 p.m.•28 views

kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation

A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the traffic control actct path when it is incorrectly configured with non-ingress egress qdiscs queueing disciplines. This can allow a local user with specific privileges to trigger a kernel crash, leading to a denial ...

7.8CVSS5.8AI score0.00123EPSS

Exploits0References5

EUVD•added 2026/05/20 1:37 p.m.•9 views

EUVD-2026-31117

Vulnrichment•added 2026/05/20 1:37 p.m.•8 views

CVE-2026-21836 HCL DominoIQ is affected by broken access control

Cvelist•added 2026/05/20 1:37 p.m.•36 views

CVE-2026-21836 HCL DominoIQ is affected by broken access control

6.5CVSS0.00264EPSS

ATTACKERKB•added 2026/05/20 1:37 p.m.•6 views

CVE-2026-21836

Exploits0References2Affected Software1

CVE•added 2026/05/20 1:37 p.m.•16 views

CVE-2026-21836

The CVE concerns HCL DominoIQ RAG: a Broken Access Control flaw where, under certain conditions, document-level access restrictions can be ignored when producing data for an AI query. This could allow an authenticated attacker to view sensitive data. The issue is described with a CVSS v3.1 base s...

OSV•added 2026/05/20 1:17 p.m.•8 views

MAL-2026-4569 Malicious code in gator-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1925735d02fb91f74a11718c3402ad0b10f551eecb8c6d88f02d475b3e0a799f On npm install via scripts.install: node index.js and on every require'gator-client', lib/core.js collects os.userInfo.username, os.hostname, and the...

5.9AI score

NVD•added 2026/05/20 1:16 p.m.•10 views

CVE-2026-45443

Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through 5.5.1...

5CVSS0.00194EPSS

NVD•added 2026/05/20 1:16 p.m.•13 views

CVE-2026-27405

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...

6.5CVSS0.00307EPSS

RedHat Linux•added 2026/05/20 1:8 p.m.•12 views

kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's XFRM ESP-in-TCP subsystem. Unsafe in-place cryptographic processing allows a low-privileged local attacker to write arbitrary bytes into the page cache of read-only files, including sensitive system files. An attacker can exploit this to overwrite privileged...

7.8CVSS6.1AI score0.03663EPSS

Exploits10References5

RedHat Linux•added 2026/05/20 1:3 p.m.•8 views

kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation

7.8CVSS5.8AI score0.00123EPSS

Exploits0References5

OSSF Malicious Packages•added 2026/05/20 1:0 p.m.•10 views

Malicious code in lynx-keeper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc28f02ae68bf5a1a57af8662180d7a8a040e6f32ad87abde9acdae508070189 On require, dist/index.js executes a hex-obfuscated harvester that reads /.aws/credentials, /.aws/config, /.ssh/idrsa, /.ssh/ided25519, /.ssh/config,...

5.8AI score

Exploits0References4

The Hacker News•added 2026/05/20 12:51 p.m.•21 views

Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control C2 or C&C communications. Webworm, first publicly documented by Broadcom-owned Symantec ...

5.9AI score

Exploits0

ATTACKERKB•added 2026/05/20 12:16 p.m.•5 views

CVE-2026-27405

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...

Vulnrichment•added 2026/05/20 12:16 p.m.•10 views

Exploits0References2

CVE-2026-27405 WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...

EUVD•added 2026/05/20 12:16 p.m.•9 views

EUVD-2026-31097

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...

Cvelist•added 2026/05/20 12:16 p.m.•38 views

CVE-2026-27405 WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...

6.5CVSS0.00307EPSS

CVE•added 2026/05/20 12:16 p.m.•13 views

CVE-2026-27405

CVE-2026-27405 concerns the WordPress plugin WpBookingly (Magepeople Inc.) up to version 1.2.9, where a Missing Authorization vulnerability enables broken access control. The issue affects WpBookingly 1.2.9 and earlier, with CVSS v3.1 base score 6.5 (Medium) and an attack vector over network. The...