CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

8.1CVSS5.5AI score0.00151EPSS

CVE-2026-39552

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5...

7.2CVSS5.8AI score0.00155EPSS

CVE-2026-39387

BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion LFI attack via the tpl parameter, which can lead to Remote Code Execution RCE.The application fails to...

Exploits2References1

8.8CVSS7.6AI score0.00159EPSS

CVE-2026-44243

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory...

7.9CVSS5.5AI score0.00022EPSS

CVE-2026-44711

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...

9.9CVSS5.6AI score0.0008EPSS

CVE-2026-44881

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a...

RedhatCVE•added 4 days ago•5 views

CVE-2026-44641

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but...

7.1CVSS5.6AI score0.00057EPSS

RedhatCVE•added 4 days ago•5 views

CVE-2026-44469

The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before...

8.5CVSS5.5AI score0.00011EPSS

RedhatCVE•added 4 days ago•7 views

CVE-2026-44340

PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the safeextractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member's name for absolute paths, .. segments, and resolved-path escape — but does not validate...

8.7CVSS5.5AI score0.00023EPSS

EUVD•added 4 days ago•7 views

EUVD-2026-34902

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inclusion LFI vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location field written in...

Cvelist•added 4 days ago•27 views

CVE-2026-46397 haxcms-php Local File Inclusion via saveOutline API Location Parameter v2.0

6.5CVSS0.0004EPSS

9.8CVSS5.7AI score0.00063EPSS

CVE-2026-44888

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values e.g., SMTPPORT directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minutes...

CVE•added 4 days ago•9 views

CVE-2026-46397

CVE-2026-46397 details a vulnerability in HAX CMS (PHP/Node.js backends) where an authenticated user can trigger a Local File Inclusion (LFI) via the saveOutline API, by manipulating the location field written into site.json. The issue allows reading arbitrary server files accessible to the web s...

ATTACKERKB•added 4 days ago•5 views

CVE-2026-46397

Exploits0References2Affected Software2

Vulnrichment•added 4 days ago•2 views

CVE-2026-46397 haxcms-php Local File Inclusion via saveOutline API Location Parameter v2.0

RedhatCVE•added 4 days ago•5 views

CVE-2026-44088

SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream reading from the beginning of the file, but loads classes using class JarFile/URLClassLoader reading the Central Directory from the end. It can lead to remote code execution by allowing an attacker to combine ...

8.6CVSS6.3AI score0.00442EPSS

RedhatCVE•added 4 days ago•7 views

CVE-2026-44343

WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2...

9.8CVSS5.5AI score0.00269EPSS

7.5CVSS5.6AI score0.00057EPSS

CVE-2026-44594

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, a Local File Inclusion LFI vulnerability exists in the esbuild plugin's handling of the browser field in package.json. An attacker can publish an npm package that causes the server to read and return...

8.7CVSS5.4AI score0.00036EPSS

CVE-2026-44729

Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...

RedhatCVE•added 4 days ago•8 views

CVE-2026-44468

The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary...

8.5CVSS5.5AI score0.00011EPSS