CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 6 days ago•15 views

CVE-2026-20233

Cisco Webex Meetings web UI vulnerable to cross-site scripting (XSS) due to insufficient input validation. Exploitation requires a user to follow a malicious link, enabling arbitrary script execution in the target’s browser and potential access to browser-based information. Affected: web-based us...

6.1CVSS6AI score0.0002EPSS

Exploits0References1Affected Software1

Cisco•added 6 days ago•6 views

Cisco Webex Meetings Cross-Site Scripting Vulnerability

6.1CVSS6AI score0.0002EPSS

Cvelist•added 6 days ago•33 views

CVE-2026-46267 nfc: hci: shdlc: Stop timers and work before freeing context

In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llcshdlcdeinit purges SHDLC skb queues and frees the llcshdlc structure while its timers and state machine work may still be active. Timer callbacks can schedule smwork...

0.00024EPSS

Exploits0References7

EUVD•added 6 days ago•7 views

EUVD-2026-34129

5.7AI score0.00024EPSS

Exploits0References7

ATTACKERKB•added 6 days ago•5 views

CVE-2026-46261

In the Linux kernel, the following vulnerability has been resolved: spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcmfiuprobe platformgetresourcebyname can return NULL, which would cause a crash when passed the pointer to resourcesize. Move the fiu-memorysize assignment after the erro...

5.7AI score0.00018EPSS

Exploits0References6Affected Software1

RedhatCVE•added 6 days ago•8 views

CVE-2026-38978

A flaw was found in Transmission. A clickjacking weakness exists in the browser-facing WebUI and RPC Remote Procedure Call response paths. This vulnerability could allow a remote attacker to trick a user into performing unintended actions by overlaying malicious content over legitimate interface...

5.3CVSS5.8AI score0.00038EPSS

NVD•added 6 days ago•7 views

CVE-2026-10729

An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in emails clients that render HTML emails. This issue affects Canarytokens: fr...

2.1CVSS0.00047EPSS

Vulnrichment•added 6 days ago•6 views

CVE-2026-10729 HTML injection in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens

CVE•added 6 days ago•7 views

CVE-2026-10729

The CVE-2026-10729 entry covers an HTML injection vulnerability in Thinkst Applied Research Canarytokens specifically in the notification email delivery. Affected component: Canarytokens notification emails that render HTML. Root cause described: HTML injection can enable Interface Manipulation a...

EUVD•added 6 days ago•7 views

EUVD-2026-34085

ATTACKERKB•added 6 days ago•6 views

CVE-2026-10729

Nuclei•added 6 days ago•31 views

Cisco RV132W/RV134W Router - Information Disclosure

Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device via the web interface, which could lead to the disclosure of confidential information. id: CVE-2018-012...

9.8CVSS7.3AI score0.91541EPSS

Exploits1References5

SUSE CVE•added 6 days ago•8 views

SUSE CVE-2026-38978

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...

5.8AI score0.00038EPSS

Exploits0References3

Cvelist•added 6 days ago•35 views

CVE-2026-36608

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP 192.168.1.1 or localhost 127.0.0.1 as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the intern...

0.00016EPSS

Positive Technologies•added 6 days ago•5 views

PT-2026-46005

Name of the Vulnerable Software and Affected Versions Kimi AI version 1.0 Description A Cross Site Scripting issue exists in the 'Preview' feature of the web interface. The application does not properly sanitize or encode HTML or JavaScript payloads produced by the AI model. When a user accesses...

6.3CVSS6.1AI score0.00042EPSS

Exploits0References4

Positive Technologies•added 6 days ago•6 views

PT-2026-45936

NVD•added last week•9 views

CVE-2026-44654

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through DELETE /api/files that the owner has reused across multiple agents. The deletion removes the file globally — not just from the...

8.1CVSS0.00043EPSS

Exploits1References1

NVD•added last week•8 views

CVE-2025-15653

Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...

7CVSS0.00024EPSS

RedhatCVE•added last week•8 views

CVE-2026-5509

An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can leverage the...

8.5CVSS6.2AI score0.00634EPSS