CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

592 matches found

Astra Linux – Vulnerability in git-lfs

Git LFS is an extension of Git for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host’s URL to the git-credential1 command without checking for embedded line-ending control characters. It then sends any credentials it receives back...

8.5CVSS7.2AI score0.0104EPSS

Exploits0References2

NVD•added 6 days ago•12 views

CVE-2026-55746

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to stored Cross-Site Scripting in the Personal File Storage PFS module. A folder title pfftitle is imported with the 'TXT' filter, which does not strip or encode HTML the tag check in cotimport is disabled, so an authenticated user can...

7.6CVSS0.00171EPSS

Exploits0References2

NVD•added 6 days ago•11 views

CVE-2026-55745

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.editfolder.php, the folder update action 'a=update' updates folder metadata title, description, public/gallery flags without calling cotcheckxg ...

5.4CVSS0.00116EPSS

Exploits0References2

NVD•added 6 days ago•10 views

CVE-2026-55744

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.main.php, the file upload action 'a=upload' processes uploaded files without calling cotcheckxg to validate the anti-CSRF token, even though...

8.6CVSS0.00177EPSS

Exploits0References2

Cvelist•added 6 days ago•21 views

CVE-2026-55746 Cotonti stored XSS via PFS folder title

7.6CVSS0.00171EPSS

Exploits0References2

EUVD•added 6 days ago•8 views

EUVD-2026-37858

7.6CVSS5.2AI score0.00171EPSS

Exploits0References2

CVE•added 6 days ago•12 views

CVE-2026-55746

Cotonti 1.0.0 (master, f43f1fc3) is affected by a stored XSS in the Personal File Storage (PFS) module. A folder title field (pff_title) is imported with the TXT filter, which does not strip/encode HTML because the tag check in cot_import is disabled. The title is assigned to the template variabl...

7.6CVSS5.3AI score0.00171EPSS

Exploits0References2

EUVD•added 6 days ago•8 views

EUVD-2026-37856

5.4CVSS5.3AI score0.00116EPSS

Exploits0References2

CVE•added 6 days ago•11 views

CVE-2026-55745

CVE-2026-55745 affects Cotonti 1.0.0 (master, commit f43f1fc3) in the Personal File Storage (PFS) module. The vulnerability arises in modules/pfs/inc/pfs.editfolder.php, where the folder update action (a=update) updates metadata (title, description, public/gallery flags) without calling cot_check...

5.4CVSS5.4AI score0.00116EPSS

Exploits0References2

Cvelist•added 6 days ago•20 views

CVE-2026-55745 Cotonti CSRF in PFS folder edit allows unauthorized folder modification

5.4CVSS0.00116EPSS

Exploits0References2

CVE•added 6 days ago•13 views

CVE-2026-55744

Cotonti 1.0.0 (master, commit f43f1fc3) is vulnerable to CSRF in Personal File Storage (PFS). The file upload action (a=upload) in modules/pfs/inc/pfs.main.php does not call cot_check_xg() to validate the anti-CSRF token, unlike the delete action. A remote attacker could lure an authenticated use...

8.6CVSS5.5AI score0.00177EPSS

Exploits0References2

EUVD•added 6 days ago•8 views

EUVD-2026-37855

8.6CVSS5.4AI score0.00177EPSS

Exploits0References2

Cvelist•added 6 days ago•20 views

CVE-2026-55744 Cotonti CSRF in PFS allows forced arbitrary file upload

8.6CVSS0.00177EPSS

Exploits0References2

NVD•added 2026/06/15 12:16 p.m.•18 views

CVE-2026-34030

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and...

6.9CVSS0.00327EPSS

Exploits1References2

EUVD•added 2026/06/15 10:5 a.m.•9 views

EUVD-2026-36713

6.9CVSS5.4AI score0.00327EPSS

Exploits1References2

Positive Technologies•added 2026/06/15 12:0 a.m.•8 views

PT-2026-49201

6.9CVSS5.3AI score0.00327EPSS

Exploits1References3

Positive Technologies•added 2026/06/09 12:0 a.m.•11 views

PT-2026-47746

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions prior to 10.4.57 TYPO3 CMS versions 11.0.0 through 11.5.51 TYPO3 CMS versions 12.0.0 through 12.4.46 TYPO3 CMS versions 13.0.0 through 13.4.31 TYPO3 CMS versions 14.0.0 through 14.3.3 Description A path allowance check in th...

2.1CVSS5.2AI score0.00356EPSS

Exploits0References9

CNNVD•added 2026/06/09 12:0 a.m.•6 views

TYPO3 CMS 路径遍历漏洞

TYPO3 CMS is a content management system developed under the TYPO3 open source project. Versions of TYPO3 CMS prior to 10.4.57, as well as versions 11.0.0 to 11.5.51, 12.0.0 to 12.4.46, 13.0.0 to 13.4.31, and 14.0.0 to 14.3.3, have a path traversal vulnerability. This vulnerability stems from the...

2.1CVSS5.3AI score0.00356EPSS

Exploits0References2

RedhatCVE•added 2026/06/05 7:21 p.m.•8 views

CVE-2026-41268

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...

9.8CVSS7.6AI score0.13789EPSS

Exploits1References1