CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

516 matches found

NVD•added 2026/06/22 6:16 p.m.•14 views

CVE-2026-53538

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only...

3.7CVSS0.00176EPSS

Exploits0References1

Cvelist•added 2026/06/22 4:56 p.m.•34 views

CVE-2026-53538 Python-Multipart: Semicolon treated as querystring field separator enables parameter smuggling

3.7CVSS0.00176EPSS

Exploits0References1

ATTACKERKB•added 2026/06/22 4:56 p.m.•8 views

CVE-2026-53538

3.7CVSS5.8AI score0.00176EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/06/20 1:27 a.m.•31 views

CVE-2026-9843 Database for Contact Form 7, WPforms, Elementor forms <= 1.5.1 - Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the viewpage function in all versions up to, and including, 1.5.1. This makes it possible for unauthenticated attackers to delete...

8.1CVSS0.00662EPSS

Exploits0References7

AstraLinux•added 2026/06/19 11:10 a.m.•6 views

Astra Linux – Vulnerability in Python-Django

A issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. A lack of enforcement of an upper-bound limit on strings passed during IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions cleanipv6address and...

7.5CVSS6.5AI score0.01854EPSS

Exploits0References2

Positive Technologies•added 2026/06/19 12:0 a.m.•16 views

PT-2026-50836

Name of the Vulnerable Software and Affected Versions Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation versions prior to 2.8.8 Description An issue exists where unauthenticated attackers can perform Server-Side Request Forgery SSRF, a flaw that allows a serv...

6.5CVSS5.8AI score0.00312EPSS

Exploits0References18

Positive Technologies•added 2026/06/12 12:0 a.m.•14 views

PT-2026-48950

Name of the Vulnerable Software and Affected Versions form-data versions prior to 2.5.6 form-data versions prior to 3.0.5 form-data versions prior to 4.0.6 Description The field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header withou...

8.7CVSS5.2AI score0.00325EPSS

Exploits0References18

RedhatCVE•added 2026/06/10 9:3 p.m.•10 views

CVE-2026-47975

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 9:3 p.m.•7 views

CVE-2026-47957

5.4CVSS5.4AI score0.00224EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 9:3 p.m.•8 views

CVE-2026-47970

5.4CVSS5.4AI score0.00307EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 9:3 p.m.•9 views

CVE-2026-47936