CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/04/27 7:16 a.m.•3 views

CVE-2026-7092

A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been...

6.5CVSS0.00201EPSS

EUVD•added 2026/04/27 5:45 a.m.•5 views

EUVD-2026-25780

6.5CVSS6.1AI score0.00201EPSS

Cvelist•added 2026/04/27 5:45 a.m.•21 views

CVE-2026-7092 code-projects Invoice System in Laravel Profile profile improper authorization

6.5CVSS0.00201EPSS

ATTACKERKB•added 2026/04/27 5:45 a.m.•2 views

CVE-2026-7092

6.5CVSS5.2AI score0.00201EPSS

Exploits0References5Affected Software1

CVE•added 2026/04/27 5:45 a.m.•10 views

CVE-2026-7092

Technical details about CVE-2026-7092 are not publicly available in the provided documents. No affected products, components, or remediation specifics are disclosed here. Monitor for updates.

6.5CVSS6.2AI score0.00201EPSS

EUVD•added 2026/04/27 5:30 a.m.•4 views

EUVD-2026-25778

A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...

6.5CVSS6AI score0.00201EPSS

OSV•added 2026/04/27 12:2 a.m.•4 views

OSV-2026-630 Use-of-uninitialized-value in JXRHandlerPrivate::readTextMeta

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=506459935 Crash type: Use-of-uninitialized-value Crash state: JXRHandlerPrivate::readTextMeta JXRHandlerPrivate::description JXRHandlerPrivate::setMetadata...

5.8AI score

CNNVD•added 2026/04/27 12:0 a.m.•6 views

Hermes Agent 授权问题漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Version 0.8.0 of Hermes Agent contains an authorization vulnerability. This vulnerability stems from the checkauth function in the APISERVERKEY Handler component’s gateway/platforms/apiserver.py file...

6.3CVSS6.2AI score0.0036EPSS

CNNVD•added 2026/04/27 12:0 a.m.•7 views

TOTOLINK A8000RU 命令注入漏洞

The TOTOLINK A8000RU is a wireless router produced by TOTOLINK Corporation. The Totolink A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the setUPnPCfg function in the CGI Handler component/cgi-bin/cstecgi.cgi file, which processes the...

10CVSS7.3AI score0.01766EPSS

Exploits0References2

CNNVD•added 2026/04/27 12:0 a.m.•7 views

TOTOLINK A8000RU 命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the function setStorageCfg in the CGI Handler component’s file/cgi-bin/cstecgi.cgi, which...

10CVSS7.3AI score0.01766EPSS

CNNVD•added 2026/04/27 12:0 a.m.•8 views

MCP Data Visualization & Experimentation Platform 代码问题漏洞

MCP Data Visualization & Experimentation Platform is a large model context protocol developed by alejandro and his team. There are code-related vulnerabilities in MCP Data Visualization & Experimentation Platform. These vulnerabilities stem from improper use of the axios function in the...

7.5CVSS7.2AI score0.0032EPSS

CNNVD•added 2026/04/27 12:0 a.m.•6 views

NextChat 代码问题漏洞

NextChat is an open-source project developed by NextChat for quickly deploying private ChatGPT web applications. Versions of NextChat 2.16.1 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of the proxyHandler function in the file...

7.5CVSS7.2AI score0.00356EPSS

Exploits1References1

Positive Technologies•added 2026/04/27 12:0 a.m.•8 views

PT-2026-35359

6.5CVSS6.1AI score0.00201EPSS

Positive Technologies•added 2026/04/27 12:0 a.m.•4 views

PT-2026-35379

A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file update user.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely. The attack's...

6.3CVSS4.2AI score0.00188EPSS

Positive Technologies•added 2026/04/27 12:0 a.m.•8 views

PT-2026-35360

6.5CVSS6.2AI score0.00201EPSS

Positive Technologies•added 2026/04/27 12:0 a.m.•3 views

PT-2026-35450

A weakness has been identified in Totolink A8000RU 7.1cu.643 b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wanIdx can lead to os command injection. The attack may be launched...

10CVSS5.2AI score0.01766EPSS

Positive Technologies•added 2026/04/27 12:0 a.m.•1 views

PT-2026-35459

A vulnerability was found in vllm up to 0.19.0. The affected element is the function has mamba layers of the file vllm/v1/kv cache interface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attac...

6.3CVSS5.3AI score0.00288EPSS

Exploits0References8

Positive Technologies•added 2026/04/27 12:0 a.m.•1 views

PT-2026-35525

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643 b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass leads to os command injection. The attack may be initiated...

10CVSS8.2AI score0.01766EPSS