
15869 matches found

Cvelist
added 2026/05/15 2:58 a.m., 34 views

CVE-2024-36333

A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution...

7 CVSS, 0.0001 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/05/15 2:48 a.m., 11 views

CVE-2023-31309

Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM, potentially resulting in a loss of confidentiality and/or availability...

6.8 CVSS, 5.8 AI score, 0.00017 EPSS
Exploits 0, References 2
Cvelist
added 2026/05/15 2:48 a.m., 32 views

CVE-2023-31309

Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM, potentially resulting in a loss of confidentiality and/or availability...

6.8 CVSS, 0.00017 EPSS
Exploits 0, References 1
EUVD
added 2026/05/15 2:48 a.m., 11 views

EUVD-2023-35620

Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM, potentially resulting in a loss of confidentiality and/or availability...

6.8 CVSS, 5.8 AI score, 0.00017 EPSS
Exploits 0, References 1
CNNVD
added 2026/05/15 12:0 a.m., 4 views

Traefik Access Control Error Vulnerability

Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions prior to Traefik 2.11.46, 3.6.17, and 3.7.1 contained an access control vulnerability. This vulnerability stemmed from the Kubernetes Gateway API provider, which allowed tenants with permission to create...

9.9 CVSS, 5.8 AI score, 0.00016 EPSS
Exploits 1, References 1
Tenable Nessus
added 2026/05/15 12:0 a.m., 24 views

Next.js Framework 15.4.x < 15.5.16 / 16.x < 16.2.5 Authorization Bypass

The Next.js Framework on the remote host is affected by an authorization bypass vulnerability: - Applications that rely on middleware to protect dynamic routes can be vulnerable to authorization bypass. Specially crafted query parameters can alter the dynamic route value seen by the page while...

8.1 CVSS, 5.8 AI score, 0.00011 EPSS
Exploits 2, References 2
CNNVD
added 2026/05/15 12:0 a.m., 7 views

AMD Graphics Driver Code Issue Vulnerability

AMD Graphics Driver is an integrated graphics driver developed by the American semiconductor company AMD. There are code vulnerabilities in AMD Graphics Driver, which stem from DLL hijacking. These vulnerabilities may allow attackers to gain elevated privileges and execute arbitrary code...

7.8 CVSS, 6.1 AI score, 0.0001 EPSS
Exploits 0, References 2
Redos
added 2026/05/15 12:0 a.m., 10 views

ROS-20260515-73-0048

A vulnerability in the Skia graphics library of Google Chrome browser is associated with a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity and availability of protected information...

8.8 CVSS, 6.1 AI score, 0.00099 EPSS
Exploits 0
Snyk
added 2026/05/14 8:29 p.m., 6 views

Cross-site Scripting (XSS)

Overview: svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the handling of attribute spreading and dynamic name attributes within form elements. An attacker can inject malicious scripts by manipulating both the sprea...

8.2 CVSS, 5.5 AI score
Exploits 0, References 2
Snyk
added 2026/05/14 8:29 p.m., 7 views

Cross-site Scripting (XSS)

Overview: org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the handling of attribute spreading and dynamic name attributes within form elements. An attacker can inject malicious scripts by manipulatin...

8.2 CVSS, 5.5 AI score
Exploits 0, References 2
OSV
added 2026/05/14 8:29 p.m., 3 views

GHSA-RCQX-6Q8C-2C42 Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State

Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. You are vulnerable if all of the following is true: - you are using attribute spreading on a form element - you are using attribute spreading or allow a dynamic value for the...

5.3 CVSS, 5.8 AI score
Exploits 0, References 3
Snyk
added 2026/05/14 8:26 p.m., 7 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the FeedbackForm and insertnewfeedback paths in backend/openwebui/models/feedbacks.py. An attacker can forge feedback...

5.4 CVSS, 5.8 AI score, 0.00032 EPSS
Exploits 1, References 2
Snyk
added 2026/05/14 4:19 p.m., 6 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over evaluation data across different...

7.7 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/05/14 4:19 p.m., 10 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through improper handling of the Object.assign process in the dataset service. An attacker can gain unauthorized access to...

7.7 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/05/14 4:19 p.m., 8 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over resources belonging to other...

7.7 CVSS, 5.8 AI score
Exploits 0, References 2
Github Security Blog
added 2026/05/14 4:18 p.m., 10 views

n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints

Impact: The OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token material for that credential...

5.8 AI score
Exploits 0, References 2, Affected Software 1
Patchstack
added 2026/05/14 4:18 p.m., 6 views

NPM: n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints

NPM: n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...

5.8 AI score
Exploits 0, References 2, Affected Software 1
Snyk
added 2026/05/14 2:57 p.m., 5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the PUT /api/v1/assistants/assistantId endpoint, when the server fails to validate and restrict modifications to...

7.6 CVSS, 5.8 AI score
Exploits 0, References 3
EUVD
added 2026/05/14 2:29 p.m., 5 views

EUVD-2025-209847

Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution...

7 CVSS, 6.1 AI score, 0.00017 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/05/14 10:2 a.m., 9 views

CVE-2026-35579

A flaw was found in CoreDNS. An unauthenticated network attacker can exploit incorrect handling of TSIG (Transaction Signature) authentication in the gRPC, QUIC, DoH (DNS over HTTPS), and DoH3 transport implementations. This vulnerability allows an attacker to bypass TSIG protection, leading to...

9.8 CVSS, 5.8 AI score, 0.00076 EPSS
Exploits 1, References 4