CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: 6lowpan: resetting the link-local header in the IPv6 receive path The Bluetooth 6lowpan.c netdev module has the headerops function; therefore, it must set the link-local header for the RX skb. Otherwise, things will...

5.8AI score0.00076EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в golang-golang-x-net

An attacker can cause excessive memory usage in a Go server that accepts HTTP/2 requests. HTTP/2 server connections include a cache of HTTP header keys sent by the client. Although the total number of entries in this cache is limited, an attacker who sends very large keys can cause the server to...

5.3CVSS6.9AI score0.00331EPSS

EUVD•added 2026/05/20 5:31 a.m.•7 views

EUVD-2026-31064

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

6.4CVSS6AI score0.00061EPSS

ATTACKERKB•added 2026/05/20 5:31 a.m.•3 views

CVE-2026-2955

6.4CVSS6AI score0.00061EPSS

Exploits0References3

Cvelist•added 2026/05/20 5:31 a.m.•34 views

CVE-2026-2955 AI Chatbot & Workflow Automation by AIWU <= 1.4.14 - Unauthenticated Stored Cross-Site Scripting via 'X-Forwarded-For' Header

6.4CVSS0.00061EPSS

GithubExploit•added 2026/05/20 2:23 a.m.•52 views

Exploit for Incorrect Authorization in Vercel Next.Js

Himalaya Tech Admin Panel — CVE-2025-29927 Demo WARNING:...

9.1CVSS6.9AI score0.92118EPSS

Exploits55

NVD•added 2026/05/20 2:16 a.m.•9 views

CVE-2026-6072

The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.4.2.6. The plugin protects its entire /wp-json/pos-bridge/ REST API namespace through the oliverposrestauthentication...

6.5CVSS0.00186EPSS

CVE•added 2026/05/20 1:25 a.m.•11 views

CVE-2026-6072

The Oliver POS plugin for WordPress (WooCommerce integration) is affected up to version 2.4.2.6 by an Authorization Bypass in the /wp-json/pos-bridge/* API. The issue arises from a loose PHP comparison in oliver_pos_rest_authentication() that compares the attacker-supplied OliverAuth header to th...

6.5CVSS5.7AI score0.00186EPSS

Cvelist•added 2026/05/20 1:25 a.m.•33 views

CVE-2026-6072 Oliver POS <= 2.4.2.6 - Unauthenticated Authorization Bypass Through User-Controlled Key to 'OliverAuth' Header

6.5CVSS0.00186EPSS

Vulnrichment•added 2026/05/20 1:25 a.m.•8 views

CVE-2026-6072 Oliver POS <= 2.4.2.6 - Unauthenticated Authorization Bypass Through User-Controlled Key to 'OliverAuth' Header

6.5CVSS5.7AI score0.00186EPSS

Positive Technologies•added 2026/05/20 12:0 a.m.•12 views

PT-2026-42145

HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...

3.7CVSS5.8AI score0.00029EPSS

Positive Technologies•added 2026/05/20 12:0 a.m.•8 views

PT-2026-42107

6.4CVSS6AI score0.00061EPSS

Exploits0References3

Positive Technologies•added 2026/05/20 12:0 a.m.•6 views

PT-2026-42374

DevGuard has an unauthenticated identity assertion via X-Admin-Token header in github.com/l3montree-dev/devguard...

9.3CVSS5.8AI score0.00066EPSS

Exploits0References4

Tenable Nessus•added 2026/05/20 12:0 a.m.•4 views

Fedora 44 : python-django5 (2026-9b7a6474a1)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-9b7a6474a1 advisory. - Fixes CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass - Fixes CVE-2026-35192: Session...

9.8CVSS5.8AI score0.00056EPSS

Exploits1References10

Tenable Nessus•added 2026/05/20 12:0 a.m.•8 views

Fedora 43 : python-django5 (2026-4d1404fc5d)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-4d1404fc5d advisory. - Fixes CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass - Fixes CVE-2026-35192: Session...

9.8CVSS5.8AI score0.00056EPSS

Exploits1References10

CNNVD•added 2026/05/20 12:0 a.m.•5 views

WordPress plugin AI Chatbot & Workflow Automation by AIWU 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00061EPSS

Tenable Nessus•added 2026/05/20 12:0 a.m.•4 views

Fedora 44 : python-django6 (2026-de6e24ae07)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-de6e24ae07 advisory. - Fixes CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass - Fixes CVE-2026-35192: Session...

9.8CVSS5.9AI score0.00056EPSS

Exploits1References10

CNNVD•added 2026/05/20 12:0 a.m.•7 views

HCL BigFix Service Management 安全漏洞

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. There is a security vulnerability in HCL BigFix Service Management. This vulnerability stems from incorrect security configurations. The absence or insecure use of the...

6.5CVSS5.8AI score0.00029EPSS