CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/26 5:30 p.m.•34 views

CVE-2026-47202 Kavita: Pre-Auth Account Takeover

Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnerability is fixed in 0.9.0.2...

9.3CVSS0.00025EPSS

Patchstack•added 2026/05/26 5:23 p.m.•4 views

WordPress auto making JSON-LD plugin <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings vulnerability

Cross-Site Request Forgery to Plugin Certification Settings vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin auto making JSON-LD versions = 4.5.3...

4.3CVSS5.8AI score0.00013EPSS

Exploits0References1Affected Software1

NVD•added 2026/05/26 5:16 p.m.•9 views

CVE-2026-44680

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

7.6CVSS0.00783EPSS

CVE•added 2026/05/26 4:49 p.m.•8 views

CVE-2026-44680

MikroORM is vulnerable to SQL injection via runtime-controlled identifiers and JSON-path keys. The root cause is improper escaping in the identifier-quoting helper (Platform.quoteIdentifier and PostgreSQL/MSSQL overrides) and in JSON-path emitters (Platform.getSearchJsonPropertyKey, quoteJsonKey)...

ATTACKERKB•added 2026/05/26 4:49 p.m.•4 views

CVE-2026-44680

Exploits2References6Affected Software3

Vulnrichment•added 2026/05/26 4:49 p.m.•6 views

CVE-2026-44680 MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys

EUVD•added 2026/05/26 4:49 p.m.•6 views

EUVD-2026-31893

Cvelist•added 2026/05/26 4:49 p.m.•31 views

CVE-2026-44680 MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys

7.6CVSS0.00783EPSS

GithubExploit•added 2026/05/26 2:47 p.m.•64 views

Exploit for CVE-2026-47668

CVE-2026-47668 DbGate Unauthenticated Remote Code Execution...

6.7AI score

Exploits1

OSSF Malicious Packages•added 2026/05/26 2:34 p.m.•11 views

Malicious code in chainix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93d9609d2eac0c0ff33aed557171138930255798aa649fa648b04814c8cb1908 Package presents itself as a pino-compatible logger README badges link to pinojs/pino, exports alias module.exports.pino = middleware but its exporte...

6.4AI score

OSV•added 2026/05/26 2:34 p.m.•3 views

MAL-2026-4817 Malicious code in chainix (npm)

6.4AI score

RedHat Linux•added 2026/05/26 12:59 p.m.•9 views

Apache Tomcat: Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve

A flaw was found in the JsonAccessLogValve component of Apache Tomcat. This improper encoding or escaping of output vulnerability could allow an attacker to inject specially crafted data into log files. This could lead to information disclosure or other unintended consequences when the logs are...

7.5CVSS7AI score0.00067EPSS

Exploits0References5

RedHat Linux•added 2026/05/26 9:30 a.m.•13 views

mysql: JSON unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: JSON. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access v...

6.5CVSS7.2AI score0.00046EPSS

Exploits0References6

OSSF Malicious Packages•added 2026/05/26 8:46 a.m.•11 views

Malicious code in react-json-chalk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3411327be0927b7a726464d2bd9a590ff4ca61bc08e9170e4c0e482dc18dac2 On require'react-json-chalk', lib/writer.js executes top-level code that attempts require'modustack'; if not resolvable, it shells out to npm install...

5.8AI score

Exploits0References1

OSV•added 2026/05/26 8:46 a.m.•5 views

MAL-2026-4792 Malicious code in react-json-chalk (npm)

5.8AI score

Exploits0References1

RedHat Linux•added 2026/05/26 7:42 a.m.•8 views

ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection

A flaw was found in Ruby JSON. This vulnerability, a format string injection, allows a remote attacker to cause a denial of service DoS or disclose sensitive information. The flaw occurs when processing specially crafted user-supplied documents with the allowduplicatekey: false parsing option...

9.1CVSS6.3AI score0.00038EPSS

Exploits0References5

OSSF Malicious Packages•added 2026/05/26 7:20 a.m.•9 views

Malicious code in react-ui-polyfills (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63c43460df1ee670b8a5982d77e7028aef7df25fa38922f743489fd52b41b5ea Package advertises itself as React polyfills / UI compatibility helpers but ships no React or polyfill code. The exported getPlugin function returns ...

5.9AI score