CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/19 3:53 p.m.•5 views

CVE-2026-47357

9.2CVSS5.8AI score0.00037EPSS

Cvelist•added 2026/05/19 3:53 p.m.•31 views

CVE-2026-47357

9.2CVSS0.00037EPSS

CVE•added 2026/05/19 3:53 p.m.•7 views

CVE-2026-47357

CVE-2026-47357 affects Terrascan v1.18.3 and earlier in server mode. An unauthenticated attacker can abuse the remote_url parameter of the remote/dir/scan endpoint to issue an SSRF against an attacker-controlled http URL. The URL is handed to hashicorp/go-getter (v1.7.5) without validation, which...

9.2CVSS5.8AI score0.00037EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/05/19 12:0 a.m.•6 views

PT-2026-41954

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...

9.2CVSS5.8AI score0.00049EPSS

CNNVD•added 2026/05/19 12:0 a.m.•4 views

terrascan 安全漏洞

Trenescan is an open-source infrastructure code static security analysis tool developed by Tenable. Versions of Trenescan 1.18.3 and earlier contain security vulnerabilities. These vulnerabilities stem from server-side request forgeing vulnerabilities in the external URL parsing of uploaded IaC...

9.2CVSS5.9AI score0.00049EPSS

RedhatCVE•added 2026/05/18 12:44 p.m.•11 views

CVE-2026-41646

A flaw was found in Nuclei. A vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files. This can be exploited by an attacker through the require function, bypassing default local file access restrictions, leading to information disclosure...

5.5CVSS5.7AI score0.00013EPSS

OSV•added 2026/05/18 8:52 a.m.•4 views

SUSE-SU-2026:21731-1 Security update for python-lxml

This update for python-lxml fixes the following issue - CVE-2026-41066: Information disclosure via untrusted XML input leading to local file read bsc1263254...

7.5CVSS5.8AI score0.0006EPSS

Exploits1References3

Tenable Nessus•added 2026/05/16 12:0 a.m.•5 views

SUSE SLES16 Security Update : python-lxml (SUSE-SU-2026:21603-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:21603-1 advisory. This update for python-lxml fixes the following issue - CVE-2026-41066: Information disclosure via untrusted XML input leading to local fil...

7.5CVSS5.8AI score0.0006EPSS

Exploits1References4

Vulnrichment•added 2026/05/14 6:6 p.m.•3 views

CVE-2026-42598 Pode: Directory Traversal is possible on Static Routes

Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers. From 2.4.0, to before 2.13.0, when requesting content from a Static Route, it was possible to request paths such as http://localhost:8080/c:/Windows/System32/drivers/etc/hosts and have the...

6.9CVSS5.8AI score0.00056EPSS

NVD•added 2026/05/13 10:16 p.m.•9 views

CVE-2026-44445

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity XXE reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive...

6.5CVSS0.0005EPSS

Vulnrichment•added 2026/05/13 9:17 p.m.•6 views

CVE-2026-44445 ERPNext: XML External Entity (XEE) Reference Vulnerability in the EDI Module

5.3CVSS5.8AI score0.0005EPSS

EUVD•added 2026/05/13 9:17 p.m.•6 views

EUVD-2026-30196

5.3CVSS5.8AI score0.0005EPSS

Cvelist•added 2026/05/13 9:17 p.m.•29 views

CVE-2026-44445 ERPNext: XML External Entity (XEE) Reference Vulnerability in the EDI Module

5.3CVSS0.0005EPSS

CNNVD•added 2026/05/13 12:0 a.m.•5 views

ERPNext 代码问题漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions of ERPNext prior to 15.104.3 and 16.12.0 contained code vulnerabilities. These vulnerabilities stemmed from improper restrictions on XML external entity references in the EDI...

6.5CVSS5.9AI score0.0005EPSS

OSV•added 2026/05/12 6:17 p.m.•11 views

PYSEC-2026-30

changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application...

Cvelist•added 2026/05/12 4:56 p.m.•31 views

Exploits1References2

CVE-2026-43891 changedetection.io: Arbitrary Local File Read via crafted backup restore

7.5CVSS0.00037EPSS

Exploits1References1

CVE•added 2026/05/12 4:56 p.m.•9 views

CVE-2026-43891

Summary: CVE-2026-43891 and related advisories describe an arbitrary local file read in changedetection.io caused by trusting attacker-controlled history.txt entries restored via crafted backups. Prior to 0.55.1, history values containing path separators are treated as filesystem paths and can re...

Exploits1References2Affected Software1

Vulnrichment•added 2026/05/12 4:56 p.m.•5 views

CVE-2026-43891 changedetection.io: Arbitrary Local File Read via crafted backup restore

CNNVD•added 2026/05/12 12:0 a.m.•5 views

Exploits1References1

changedetection.io 安全漏洞

changedetection.io is a website-based application developed by dgtlmoon, designed for change detection, monitoring, and notification. Versions of changedetection.io prior to 0.55.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of snapshot paths retrieved from back...