CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

29444 matches found

CVE-2026-20180

A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...

9.9CVSS6.5AI score0.00469EPSS

Exploits1References1

RedhatCVE•added 4 days ago•7 views

CVE-2026-20147

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

9.9CVSS6.5AI score0.00321EPSS

Exploits0References1

RedhatCVE•added 4 days ago•6 views

CVE-2026-4810

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

10CVSS6.2AI score0.04745EPSS

Exploits0References1

RedhatCVE•added 4 days ago•8 views

CVE-2026-40504

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

9.8CVSS6.5AI score0.00037EPSS

Exploits0References1

RedhatCVE•added 4 days ago•5 views

CVE-2026-40585

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and stored alongside a passwordresetat timestamp. However, the token redemption function findUserIDFromEmailAndToken queries only for a matching...

7.4CVSS5.5AI score0.00043EPSS

Exploits0References1

NVD•added 4 days ago•6 views

CVE-2026-49492

Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename attribute, imported file paths, and the latexengine code-chunk attribute. On Windows, a crafted...

8.8CVSS0.00041EPSS

Exploits0References2

ATTACKERKB•added 4 days ago•4 views

CVE-2026-49492

8.8CVSS5.7AI score0.00041EPSS

Exploits0References3

OSV•added 4 days ago•4 views

GHSA-W4C6-7R69-W7J9 klever-go: REST API slow-header connection exhaustion via Gin Engine.Run

Summary The Klever seednode REST API starts a Gin engine with Engine.RunrestAPIInterface. In Gin v1.9.1, Engine.Run calls Go's default http.ListenAndServe, which constructs an HTTP server without application-level ReadHeaderTimeout, ReadTimeout, or MaxHeaderBytes limits. An unauthenticated client...

7.5CVSS5.6AI score

Exploits0References3

OSV•added 4 days ago•3 views

GHSA-CXV7-GMMP-228P NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`

Summary An authenticated user with columnAdd permission on a Postgres-backed base can inject arbitrary SQL into the formula engine via the optional direction argument of ARRAYSORT.... The value is unrestricted by formula validation and embedded into a knex.raw ORDER BY clause, executing during...

6CVSS5.8AI score

Exploits0References3