CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/05/30 12:0 a.m.•7 views

PT-2026-45141

A vulnerability was found in Bdtask Multi-Store Inventory Management System 1.0. The impacted element is the function accounts report search of the file application/modules/accounts/controllers/Accounts.php of the component Accounts Report Handler. Performing a manipulation of the argument...

5.8CVSS5.7AI score0.00034EPSS

Positive Technologies•added 2026/05/30 12:0 a.m.•7 views

PT-2026-45103

A vulnerability was determined in Shibby Tomato up to 1.28. Affected is the function rip zebra read ipv4 of the file /usr/sbin/ripd of the component Zserv Handler. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been...

9CVSS7.7AI score0.00046EPSS

Positive Technologies•added 2026/05/30 12:0 a.m.•7 views

PT-2026-45092

A vulnerability was identified in Open5GS up to 2.7.7. This affects an unknown part in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit is publicly available and might be...

5.3CVSS5.5AI score0.00064EPSS

Exploits0References8

CNNVD•added 2026/05/30 12:0 a.m.•7 views

Edimax BR-6478AC 安全漏洞

The Edimax BR-6478AC is a dual-band Gigabit router produced by Edimax Corporation. Version 1.23 of the Edimax BR-6478AC contains a security vulnerability. This vulnerability stems from a function called formPPPoESetup in the component POST Request Handler. The function’s handling of the parameter...

9CVSS7.4AI score0.00046EPSS

RedhatCVE•added 2026/05/29 8:13 p.m.•9 views

CVE-2026-9422

A vulnerability was identified in KLiK SocialMediaWebsite 1.0. This issue affects some unknown processing of the component HTTP POST Request Parameter Handler. Such manipulation leads to injection. The attack can be launched remotely. The exploit is publicly available and might be used...

7.5CVSS7AI score0.00057EPSS

OSV•added 2026/05/29 7:7 p.m.•5 views

GHSA-XG9X-H37W-H3R3 ezsystems/ezpublish-legacy has a SQL injection in dfscleanup

NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact There is a security vulnerability in eZ Publish Legacy,...

7.1CVSS5.8AI score

Exploits0References2

NVD•added 2026/05/29 6:16 p.m.•8 views

CVE-2026-10070

A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the...

5.8CVSS0.00046EPSS

Snyk•added 2026/05/29 5:49 p.m.•5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the BaseHandler.set trap in lib/bridge.js. An...

9.2CVSS6.2AI score

Exploits0References2

NVD•added 2026/05/29 4:16 p.m.•9 views

CVE-2026-10068

A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side request forgery. The attack may be initiated remotely. This project is superseded by FreshTomato. Thi...

7.5CVSS0.0005EPSS

Vulnrichment•added 2026/05/29 4:15 p.m.•9 views

CVE-2026-10070 macrozheng mall Super Admin Password update improper authorization

5.8CVSS5.5AI score0.00046EPSS

Vulnrichment•added 2026/05/29 3:45 p.m.•7 views

CVE-2026-10068 Shibby Tomato SUBSCRIBE Call miniupnpd send server-side request forgery

7.5CVSS6.8AI score0.0005EPSS

Cvelist•added 2026/05/29 3:45 p.m.•29 views

CVE-2026-10068 Shibby Tomato SUBSCRIBE Call miniupnpd send server-side request forgery

7.5CVSS0.0005EPSS

EUVD•added 2026/05/29 3:45 p.m.•7 views

EUVD-2026-33345

7.5CVSS5.6AI score0.0005EPSS

CVE•added 2026/05/29 3:45 p.m.•9 views

CVE-2026-10068

CVE-2026-10068 affects Shibby Tomato 1.28. The vulnerability lies in the SUBSCRIBE Call Handler’s miniupnpd component, specifically the send function in usr/sbin/miniupnpd, enabling server-side request forgery. The issue can be triggered remotely and is documented as affecting products superseded...

7.5CVSS6.8AI score0.0005EPSS

NVD•added 2026/05/29 1:16 p.m.•8 views

CVE-2026-48527

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting XSS vulnerability in the /system/api/saveNode endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by...

8.7CVSS0.00033EPSS

Vulnrichment•added 2026/05/29 12:42 p.m.•5 views

CVE-2026-44239 FreePBX: Authenticated Local File Inclusion in Dashboard Module

FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $REQUEST'rawname' parameter is concatenated into an include call with a .class.php suffix, allowing path...

7.6CVSS6AI score0.00053EPSS

CVE•added 2026/05/29 12:26 p.m.•18 views

CVE-2026-48527

HAX CMS (PHP/NodeJS backends) is affected up to version 26.0.0 by a stored XSS in the /system/api/saveNode endpoint. An authenticated user with page-edit permissions can bypass the HTML sanitizer by injecting an event handler attribute without whitespace before the attribute name. Affected compon...

8.7CVSS5.6AI score0.00033EPSS