CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

378124 matches found

Packet Storm News•added 2026/12/29 12:0 a.m.•208 views

GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

6.8AI score

Exploits0

NVD•added 1 hour ago•2 views

CVE-2026-11416

MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...

8.1CVSS

Exploits0References3

NVD•added 1 hour ago•1 views

CVE-2026-11429

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4CVSS

Exploits0References1

CVE•added 1 hour ago•8 views

CVE-2026-11416

8.1CVSS5.6AI score

Exploits0References3

EUVD•added 1 hour ago•2 views

EUVD-2026-34916

Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...

8.4CVSS6AI score

Exploits0References5

EUVD•added 1 hour ago•3 views

EUVD-2026-34899

A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the...

10CVSS5.6AI score

Exploits0References2

EUVD•added 1 hour ago•3 views

EUVD-2026-34889

The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the saveajax function of the licensing module,...

8.8CVSS6.1AI score

Exploits0References3

EUVD•added 1 hour ago•2 views

EUVD-2026-34913

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded,...

9.4CVSS6AI score

Exploits0References2

NVD•added 2 hours ago•4 views

CVE-2026-11422

8.4CVSS

Exploits0References4

Cvelist•added 2 hours ago•6 views

CVE-2026-11431 Path Traversal in Altium Projects Service Allows Arbitrary File Read

A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files including entire directories returned as archives to be...

8.3CVSS

Exploits0References1

GithubExploit•added 2 hours ago•5 views

UPnPHostFileRead

Description Local arbitrary file read PoC exploit for the Wind...

Exploits0

NVD•added 3 hours ago•4 views

CVE-2026-46400

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attacker...

8.7CVSS

Exploits0References1

NVD•added 3 hours ago•5 views

CVE-2026-46397

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inclusion LFI vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location field written in...

6.5CVSS

Exploits0References1

NVD•added 3 hours ago•4 views

CVE-2026-11420

Two path traversal vulnerabilities in the Network Installation Service NIS of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No authentication, session...

10CVSS

Exploits0References1

NVD•added 3 hours ago•6 views

CVE-2026-11414

10CVSS

Exploits0References1

CVE•added 3 hours ago•10 views

CVE-2026-11422

CVE-2026-11422 : A code injection vulnerability exists in Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28, within the WaveDrom rendering pipeline. The vulnerability arises from unsanitized WaveDrom block content being passed to window.eval() in the VS Code webview context, enabling a...

8.4CVSS6AI score

Exploits0References4

Cvelist•added 3 hours ago•11 views

CVE-2026-11423 Path Traversal in Altium Enterprise Server Collaboration Service Allows Privilege Escalation

A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regular authenticated user can submit a collaboration message containing a crafted filename, which is...

9.4CVSS

Exploits0References1

Cvelist•added 3 hours ago•7 views

CVE-2026-11420 Path Traversal in Altium Enterprise Server NIS Allows Unauthenticated Arbitrary File Write and File Read

10CVSS

Exploits0References1