Lucene search

29071 matches found

Vulnrichment, added 2026/05/29 9:50 a.m.

CVE-2026-46579 openshift/router: mTLS client certificate spoofing via unstripped X-SSL-Client headers on HTTP frontend

A flaw was found in the OpenShift Router. When a Route has insecureEdgeTerminationPolicy set to Allow, the HTTP frontend does not remove X-SSL-Client- headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted X-SSL-Client- headers. As a resul...

CVSS 7.4, AI score 5.7, EPSS 0.00033
Exploits 0, References 2
EUVD, added 2026/05/29 9:50 a.m.

EUVD-2026-33274

A flaw was found in the OpenShift Router. When a Route has insecureEdgeTerminationPolicy set to Allow, the HTTP frontend does not remove X-SSL-Client- headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted X-SSL-Client- headers. As a resul...

CVSS 7.4, AI score 5.7, EPSS 0.00033
Exploits 0, References 2
RedhatCVE, added 2026/05/29 9:50 a.m.

CVE-2026-46579

A flaw was found in the OpenShift Router. When a Route has insecureEdgeTerminationPolicy set to Allow, the HTTP frontend does not remove X-SSL-Client- headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted X-SSL-Client- headers. As a resul...

CVSS 7.4, AI score 5.7, EPSS 0.00033
Exploits 0, References 3
ATTACKERKB, added 2026/05/29 9:50 a.m.

CVE-2026-46579

A flaw was found in the OpenShift Router. When a Route has insecureEdgeTerminationPolicy set to Allow, the HTTP frontend does not remove X-SSL-Client- headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted X-SSL-Client- headers. As a resul...

CVSS 7.5, AI score 5.7, EPSS 0.00033
Exploits 0, References 3
CVE, added 2026/05/29 9:50 a.m.

CVE-2026-46579

OpenShift Router flaw: when Route.insecureEdgeTerminationPolicy is Allow, the HTTP frontend does not strip X-SSL-Client-* headers, enabling an unauthenticated attacker to craft requests that bypass mutual TLS authentication by impersonating client certificate identities. Affected component: OpenS...

CVSS 7.5, AI score 5.7, EPSS 0.00033
Exploits 0, References 2, Affected Software 2
ATTACKERKB, added 2026/05/29 5:54 a.m.

CVE-2026-9493

Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details...

CVSS 7.1, AI score 5.8, EPSS 0.00043
Exploits 0, References 3
Vulnrichment, added 2026/05/29 5:54 a.m.

CVE-2026-9493 BankPro E-Service Technology|Service Center - Insecure Direct Object Reference

Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details...

CVSS 7.1, AI score 5.8, EPSS 0.00043
Exploits 0, References 2
Positive Technologies, added 2026/05/29 12:00 a.m.

PT-2026-44908

Name of the Vulnerable Software and Affected Versions: Froxlor versions 2.3.6 and earlier
Description: DNS record content is concatenated directly into bind9 zone files in the DnsEntry.php file, which allows for zone file injection. The issue stems from incomplete validation of LOC, RP, SSHFP, and...

CVSS 8.6, AI score 6, EPSS 0.00049
Exploits 0, References 7
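The injection class the PT-2026-44908 entry describes (user-controlled RDATA concatenated straight into a BIND zone line), shown as an added example that is not Froxlor's DnsEntry.php code: a flawed record writer beside one that rejects control characters and zone-file syntax and then requires the record type's own grammar. The per-type grammars, the zone writer and the sample RDATA are constructed for this demonstration and are deliberately conservative (assumption: the writer never needs multi-line or parenthesised RDATA for these types).

```python
# Added example, not Froxlor code: how user-supplied RDATA reaches a BIND
# zone file, and the validation that keeps one submitted record to one line.
import re
from typing import Dict, Pattern

_HEX = r"[0-9A-Fa-f]+"
_LABEL = r"[A-Za-z0-9_](?:[A-Za-z0-9_-]*[A-Za-z0-9_])?"
_NAME = rf"(?:{_LABEL}\.)*{_LABEL}\.?"
_LOC_NUM = r"\d{1,3}(?: \d{1,2}(?: \d{1,2}(?:\.\d{1,3})?)?)?"

# Conservative grammars for the types the advisory names (assumption: these
# shapes are all the zone writer ever has to accept for them).
RDATA_GRAMMAR: Dict[str, Pattern[str]] = {
    "SSHFP": re.compile(rf"^[1-6] [12] {_HEX}$"),
    "RP":    re.compile(rf"^{_NAME} {_NAME}$"),
    "LOC":   re.compile(rf"^{_LOC_NUM} [NS] {_LOC_NUM} [EW] "
                        rf"-?\d+(?:\.\d+)?m?(?: \d+(?:\.\d+)?m?){{0,3}}$"),
}


def vulnerable_record(name: str, ttl: int, rtype: str, content: str) -> str:
    """Flawed writer: RDATA is concatenated straight into the zone line, so a
    newline inside it starts a second record (or a $-directive) of the
    attacker's choosing."""
    return f"{name}\t{ttl}\tIN\t{rtype}\t{content}\n"


def validated_record(name: str, ttl: int, rtype: str, content: str) -> str:
    """Hardened writer: refuse control characters (newline, tab), the zone
    file's own syntax characters, unknown types, and anything that does not
    match the type's grammar; only then emit the line."""
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in content):
        raise ValueError("control character in RDATA")
    if any(ch in content for ch in ';()"$'):
        raise ValueError("zone-file syntax character in RDATA")
    grammar = RDATA_GRAMMAR.get(rtype.upper())
    if grammar is None:
        raise ValueError(f"no grammar for record type {rtype!r}")
    if not grammar.fullmatch(content):
        raise ValueError(f"malformed {rtype} RDATA")
    return vulnerable_record(name, ttl, rtype, content)


def record_count(zone_text: str) -> int:
    """How many records actually landed in the emitted text."""
    return sum(1 for line in zone_text.splitlines() if line.strip())


def rejects(rtype: str, content: str) -> bool:
    """True if the hardened writer refuses this RDATA."""
    try:
        validated_record("h", 300, rtype, content)
    except ValueError:
        return True
    return False


# Constructed payload: valid-looking SSHFP RDATA followed by a smuggled
# A record on the next line.
INJECTED = ("1 1 0123456789abcdef0123456789abcdef01234567"
            "\nmail\t300\tIN\tA\t203.0.113.9")
GOOD_LOC = "51 30 12.748 N 0 7 39.611 W 0.00m 1m 10000m 10m"

if __name__ == "__main__":
    print(vulnerable_record("host", 300, "SSHFP", INJECTED), end="")
    print("records emitted by flawed writer:",
          record_count(vulnerable_record("host", 300, "SSHFP", INJECTED)))
    print("hardened writer rejects payload:", rejects("SSHFP", INJECTED))
    print(validated_record("host", 300, "LOC", GOOD_LOC), end="")
```

The character blocklist alone is not the fix; it only stops the line-structure attacks (newline, `$INCLUDE`, comments, parentheses). The per-type grammar is what stops an attacker from smuggling a differently typed record through a single-line value, which is why both checks run before the concatenation.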
CNNVD, added 2026/05/29 12:00 a.m.

WordPress plugin Poll Maker information disclosure vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3, AI score 5.8, EPSS 0.0005
Exploits 0, References 9
CNNVD, added 2026/05/29 12:00 a.m.

Manga/Image Translator security vulnerability

Manga/Image Translator is an image text translation tool developed by the individual developer zyddnys. Manga/Image Translator has a security vulnerability, which stems from insecure deserialization in its shared API server mode. This vulnerability could allow remote attackers to execute...

CVSS 9.8, AI score 6.2, EPSS 0.00476
Exploits 0, References 4
Positive Technologies, added 2026/05/29 12:00 a.m.

PT-2026-44799

Name of the Vulnerable Software and Affected Versions: OpenShift Router, affected versions not specified
Description: A flaw in the HTTP frontend occurs when a Route has the insecureEdgeTerminationPolicy set to Allow. In this configuration, the router fails to remove X-SSL-Client- headers from...

CVSS 7.5, AI score 5.5, EPSS 0.00033
Exploits 0, References 7
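The header-spoofing mechanism behind CVE-2026-46579 / PT-2026-44799 (the CVE-2026-46579 and PT-2026-44799 entries above), as an added example that is not OpenShift Router or HAProxy code: a toy model of a router's plaintext HTTP frontend forwarding to a backend that trusts X-SSL-Client-* headers as the mTLS identity, with the flawed pass-through beside the strip-then-set behaviour a frontend needs. The header names, the backend's trust logic, the constructed request and the certificate subject are assumptions made for this demonstration.

```python
# Added example, not OpenShift Router or HAProxy code: a plaintext HTTP
# frontend that forwards to a backend trusting X-SSL-Client-* headers.
from typing import Dict, List, Optional, Tuple

Header = Tuple[str, str]
IDENTITY_PREFIX = "x-ssl-client-"  # assumed: the header family the backend trusts


def _identity_headers(client_cert: Optional[Dict[str, str]]) -> List[Header]:
    """Identity headers derived from the frontend's OWN TLS verification."""
    if client_cert is None:
        return [("X-SSL-Client-Verify", "NONE")]
    return [("X-SSL-Client-Verify", "SUCCESS"),
            ("X-SSL-Client-DN", client_cert["subject"])]


def vulnerable_forward(incoming: List[Header],
                       client_cert: Optional[Dict[str, str]]) -> List[Header]:
    """Flawed frontend: appends its own verdict only when a certificate was
    presented and otherwise forwards client headers untouched, so a plain
    HTTP request carries a forged X-SSL-Client-* identity through."""
    out = list(incoming)
    if client_cert is not None:
        out.extend(_identity_headers(client_cert))
    return out


def hardened_forward(incoming: List[Header],
                     client_cert: Optional[Dict[str, str]]) -> List[Header]:
    """Fixed frontend: drop every client-supplied header in the trusted family
    (case-insensitively, by prefix) and always set the family from the
    frontend's own verification result, including an explicit NONE."""
    out = [(n, v) for n, v in incoming
           if not n.lower().startswith(IDENTITY_PREFIX)]
    out.extend(_identity_headers(client_cert))
    return out


def backend_identity(headers: List[Header]) -> Optional[str]:
    """What a backend that trusts the header family concludes. The last
    value wins for a repeated name, as many header parsers behave."""
    h = {n.lower(): v for n, v in headers}
    if h.get("x-ssl-client-verify") == "SUCCESS":
        return h.get("x-ssl-client-dn")
    return None


# Constructed: an unauthenticated plain-HTTP request with forged headers.
SPOOFED_REQUEST: List[Header] = [
    ("Host", "app.example.test"),
    ("X-SSL-Client-Verify", "SUCCESS"),
    ("x-ssl-client-dn", "CN=admin,O=Example"),   # mixed case on purpose
]
REAL_CERT = {"subject": "CN=alice,O=Example"}   # constructed verified cert

if __name__ == "__main__":
    print("flawed frontend, plain HTTP :",
          backend_identity(vulnerable_forward(SPOOFED_REQUEST, None)))
    print("fixed frontend, plain HTTP  :",
          backend_identity(hardened_forward(SPOOFED_REQUEST, None)))
    print("fixed frontend, real mTLS   :",
          backend_identity(hardened_forward(SPOOFED_REQUEST, REAL_CERT)))
```

Two things the model makes visible. First, the strip has to match by prefix and case-insensitively, since HTTP header names are case-insensitive and the backend's parser, not the frontend's, decides which spelling wins. Second, the same strip-then-set rule belongs on the TLS frontend too: a client holding any valid certificate can still inject headers, and the fix is only complete when the trusted family can never originate from the client on either path. On an HAProxy-based router such as OpenShift's, the analogous control is an `http-request del-header` rule for each trusted header name in the plaintext frontend, ahead of any rule that sets them.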
CNNVD, added 2026/05/29 12:00 a.m.

QuickCMS cross-site scripting vulnerability

QuickCMS is an open-source content management system developed by QuickCMS. QuickCMS has a cross-site scripting vulnerability. The vulnerability stems from an insecure HTTP-based plugin acquisition mechanism that exposes it to cross-site scripting attacks. Malicious attackers can...

CVSS 4.8, AI score 5.7, EPSS 0.00032
Exploits 0, References 2
Positive Technologies, added 2026/05/29 12:00 a.m.

PT-2026-45060

Summary: Type: Insecure Direct Object Reference. The dependency endpoints POST/GET /workspaces/{workspace_id}/issues/{issue_id}/dependencies and DELETE .../dependencies/{dep_id} gate access on require_workspace_member(workspace_id) only, then dispatch to DependencyService calls that take URL/body-supplied...

CVSS 8.1, AI score 5.9
Exploits 0, References 3
Positive Technologies, added 2026/05/29 12:00 a.m.

PT-2026-45073

Name of the Vulnerable Software and Affected Versions: Apache Solr versions 9.4.0 through 9.10.1; Apache Solr version 10.0.0
Description: The Basic Authentication setup tool bin/solr auth enable contains hardcoded credentials. This allows a remote attacker to gain full administrative access to the...

CVSS 9.8, AI score 5.9, EPSS 0.00471
Exploits 0, References 10
CNNVD, added 2026/05/29 12:00 a.m.

BankPro E-Service Service Center security vulnerability

The BankPro E-Service Service Center is a digital banking service management platform provided by BankPro E-Service in Taiwan, China. There is a security vulnerability in the BankPro E-Service Service Center. The vulnerability stems from an insecure direct object reference, which may allow...

CVSS 7.1, AI score 5.8, EPSS 0.00043
Exploits 0, References 2
Positive Technologies, added 2026/05/29 12:00 a.m.

PT-2026-44753

Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details...

CVSS 7.1, AI score 5.8, EPSS 0.00043
Exploits 0, References 3
NVD, added 2026/05/28 10:17 p.m.

CVE-2026-45342

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource types are links, lists...

CVSS 7.1, EPSS 0.00043
Exploits 0, References 1
CVE, added 2026/05/28 8:47 p.m.

CVE-2026-45342

LinkAce prior to version 2.5.6 is affected by an Insecure Direct Object Reference (IDOR) in the authorization policy layer. The root cause is in update() policy methods (LinkPolicy, LinkListPolicy, TagPolicy, NotePolicy) where access checks delegate to userCanAccessX(), which returns true for any...

CVSS 7.1, AI score 5.8, EPSS 0.00043
Exploits 0, References 1
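The two IDOR shapes in this listing, a policy that lets any authenticated user update another user's resource (the CVE-2026-45342 LinkAce entries above) and a workspace-scoped endpoint that checks membership of the URL workspace but never checks that the URL/body-supplied ids belong to it (the PT-2026-45060 entry above), as one added example that is not LinkAce's or the workspace application's code. The in-memory store, the resource and user names, and the handler signatures are constructed for this demonstration; the flawed and fixed versions sit side by side.

```python
# Added example, not LinkAce or the workspace application's code: the
# ownership check and the containment check whose absence the IDOR entries
# describe, with the flawed version of each beside the fixed one.
from dataclasses import dataclass
from typing import Dict, Set, Tuple


@dataclass
class Link:            # a user-owned resource (e.g. a link)
    id: int
    owner_id: int
    url: str


@dataclass
class Issue:           # a workspace-contained resource
    id: int
    workspace_id: int


@dataclass
class Workspace:
    id: int
    members: Set[int]


# Constructed store: user 10 is in workspace 100, user 20 in workspace 200.
LINKS: Dict[int, Link] = {1: Link(1, owner_id=10, url="https://a.example"),
                          2: Link(2, owner_id=20, url="https://b.example")}
WORKSPACES: Dict[int, Workspace] = {100: Workspace(100, {10}),
                                    200: Workspace(200, {20})}
ISSUES: Dict[int, Issue] = {1: Issue(1, 100), 2: Issue(2, 100), 3: Issue(3, 200)}
DEPENDENCIES: Set[Tuple[int, int]] = set()


# --- ownership: the policy method that decides who may update a link ------
def vulnerable_can_update(user_id: int, link: Link) -> bool:
    """Flawed policy: the user is authenticated, so update is allowed; the
    link's owner is never compared against the caller."""
    return user_id is not None


def can_update(user_id: int, link: Link) -> bool:
    """Fixed policy: only the owner may update."""
    return link.owner_id == user_id


# --- containment: workspace-scoped endpoint with caller-supplied ids ------
def require_workspace_member(user_id: int, workspace_id: int) -> None:
    ws = WORKSPACES.get(workspace_id)
    if ws is None or user_id not in ws.members:
        raise PermissionError("not a member of this workspace")


def vulnerable_add_dependency(user_id: int, workspace_id: int,
                              issue_id: int, depends_on_id: int) -> bool:
    """Flawed handler: gates on membership of the URL workspace, then hands
    the ids to the service, which never checks they belong to it."""
    require_workspace_member(user_id, workspace_id)
    DEPENDENCIES.add((issue_id, depends_on_id))
    return True


def add_dependency(user_id: int, workspace_id: int,
                   issue_id: int, depends_on_id: int) -> bool:
    """Fixed handler: every id the caller supplied is resolved and checked
    against the workspace whose membership was just verified."""
    require_workspace_member(user_id, workspace_id)
    for iid in (issue_id, depends_on_id):
        issue = ISSUES.get(iid)
        if issue is None or issue.workspace_id != workspace_id:
            raise PermissionError(f"issue {iid} is not in workspace {workspace_id}")
    DEPENDENCIES.add((issue_id, depends_on_id))
    return True


def denied(fn, *args) -> bool:
    """True if the handler refuses the call with PermissionError."""
    try:
        fn(*args)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print("flawed policy lets user 10 edit link 2:", vulnerable_can_update(10, LINKS[2]))
    print("fixed policy lets user 10 edit link 2: ", can_update(10, LINKS[2]))
    print("flawed handler links issue 1 to foreign issue 3:",
          vulnerable_add_dependency(10, 100, 1, 3))
    print("fixed handler refuses the same call:", denied(add_dependency, 10, 100, 1, 3))
```

The containment check is the part that is easy to leave out: membership of the workspace named in the URL is a check on the caller, not on the objects, and any id taken from the path or body has to be re-scoped to that same workspace before the service touches it. Whether the refusal surfaces as 403 or as 404 is a separate choice; returning not-found for out-of-scope ids avoids confirming that the foreign object exists.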
RedhatCVE, added 2026/05/28 8:13 p.m.

CVE-2026-38807

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component...

CVSS 8.8, AI score 5.8, EPSS 0.00087
Exploits 0, References 1
RedhatCVE, added 2026/05/28 8:12 p.m.

CVE-2025-68712

SpSoft AppLock com.sp.protector.free 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mechanisms, the lock is implemented with a custom overlay that fails to consistently enforce...

CVSS 5.5, AI score 5.8, EPSS 0.0002
Exploits 0, References 1