CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 6 days ago•4 views

CVE-2026-0718

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultpshareCountcallback function in all versions up to, and including, 5.0.5. This makes it possible for...

5.3CVSS5.5AI score0.00025EPSS

RedhatCVE•added 6 days ago•5 views

CVE-2026-39329

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was identified in /EventNames.php in ChurchCRM. Authenticated users with AddEvent privileges can inject SQL via the newEvtTypeCntLst parameter during event type creation. The vulnerable flow reach...

8.8CVSS5.6AI score0.00039EPSS

Snyk•added 6 days ago•2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the readExternal methods in the AE, SS, and ServerConfigurationPayload classes, all of which call builderWithExpectedSize without checking the size of the input. A cluster user wit...

7.5CVSS5.5AI score0.00044EPSS

OSV•added 6 days ago•4 views

JLSEC-2026-573

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entrycount == 0 creating no chunks while still passing validation...

6.5CVSS5.5AI score0.00041EPSS

Exploits1References2

Cvelist•added 6 days ago•39 views

CVE-2026-10879 DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...

0.00052EPSS

Vulnrichment•added 6 days ago•4 views

CVE-2026-10879 DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders

5.7AI score0.00052EPSS

ATTACKERKB•added 6 days ago•4 views

CVE-2026-10879

5.7AI score0.00052EPSS

Positive Technologies•added 6 days ago•9 views

PT-2026-46958

Name of the Vulnerable Software and Affected Versions DBI versions prior to 1.648 Description A heap overflow occurs when preparsing SQL statements containing more than 9 binders. The preparse function expands SQL placeholder characters into numbered binders using the format :pN, but it only...

9.8CVSS5.6AI score0.00052EPSS

Exploits0References11

RedHat Linux•added last week•4 views

kernel: nbd: defer config unlock in nbd_genl_connect

In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbdgenlconnect There is one use-after-free warning when running NBDCMDCONNECT and NBDCLEARSOCK: nbdgenlconnect nbdallocandinitconfig // configrefs=1 nbdstartdevice // configrefs=2 set NBDRTHASCONFIGREF...

5.7AI score0.00066EPSS

Exploits0References5

SUSE CVE•added 2026/06/04 2:21 a.m.•6 views

SUSE CVE-2026-46268

In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Fix p2pmemallocmmap warning condition Commit b7e282378773 has already changed the initial page refcount of p2pdma page from one to zero, however, in p2pmemallocmmap it uses "VMWARNONONCEPAGE!pagerefcountpage" to asser...

5.7AI score0.00013EPSS

Positive Technologies•added 2026/06/04 12:0 a.m.•8 views

PT-2026-46839

Good evening, I am internally scanning 16 servers for an environment. At first scan I did an authenticated scan for the 16 servers, one server let’s name it eight had 2 vulnerabilities for copy fail CVE-2026-31431 QID387198. Second scan through agent did not have this vulnerability. Third scan as...

5.8AI score

Positive Technologies•added 2026/06/04 12:0 a.m.•8 views

PT-2026-46379

That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...

8.8CVSS5.9AI score0.00151EPSS

RedhatCVE•added 2026/06/03 8:5 p.m.•7 views

CVE-2026-46268

A flaw was found in the Linux kernel's PCI/P2PDMA subsystem. Specifically, a warning condition in the p2pmemallocmmap function can be triggered due to an incorrect page reference count assertion. This issue occurs when the CONFIGDEBUGVM option is enabled, leading to kernel warning messages. While...

5.5CVSS5.8AI score0.00013EPSS

Exploits0References4

NVD•added 2026/06/03 6:16 p.m.•8 views

CVE-2026-46268

5.5CVSS0.00013EPSS

ATTACKERKB•added 2026/06/03 3:50 p.m.•4 views

CVE-2026-46268

5.7AI score0.00013EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/06/03 3:50 p.m.•35 views

CVE-2026-46268 PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition

0.00013EPSS

EUVD•added 2026/06/03 3:50 p.m.•7 views

EUVD-2026-34126

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devmaddactionorreset failure the provided cleanup action will be run immediately on the not yet initialized kobject. This may lead to errors like: kobject: 'null' ff110001393608e0: i...

5.8AI score0.00015EPSS