78 matches found

RedhatCVE, added yesterday, 4 views

CVE-2026-29197

In versions 8.4.0, 8.3.2, 8.2.2, 8.1.3, 8.0.4, 7.13.6, 7.12.7, 7.11.7, and 7.10.10, the endpoints /api/apps/logs and /api/apps/:id/logs have a typo in the required permission check, allowing authenticated users without the proper permissions to read apps-engine logs...

CVSS 4.3 | AI score 5.5 | EPSS 0.0002
Exploits 0 | References 1
RedhatCVE, added yesterday, 5 views

CVE-2026-39358

CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters sortprice, sortactivity, sortadmin, and sortcustomer of the Products and Logs endpoints in CubeCart v6.x. This allows an attacker to...

CVSS 7.2 | AI score 6.1 | EPSS 0.00037
Exploits 0 | References 1
RedhatCVE, added yesterday, 5 views

CVE-2026-26062

Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service DoS issue in the gRPC Launcher PublishLogs endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to...

CVSS 8.7 | AI score 5.5 | EPSS 0.00088
Exploits 0 | References 1
RedhatCVE, added 4 days ago, 7 views

CVE-2026-46764

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

CVSS 4.3 | AI score 5.8 | EPSS 0.00049
Exploits 0 | References 1
Vulnrichment, added 2026/05/21 9:32 p.m., 4 views

CVE-2026-8410 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

CVSS 2.3 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 1
ATTACKERKB, added 2026/05/18 12:00 a.m., 3 views

CVE-2026-39079

An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/, and /modules/upsshipping/lib/UPSBaseApi.php components...

CVSS 7.5 | AI score 5.8 | EPSS 0.00055
Exploits 0 | References 2
Vulnrichment, added 2026/05/16 3:26 p.m., 7 views

CVE-2021-47980 Fuel CMS 1.4.13 Blind SQL Injection via col Parameter

Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col...

CVSS 7.1 | AI score 5.9 | EPSS 0.00029
Exploits 0 | References 4
CVE, added 2026/05/16 3:26 p.m., 9 views

CVE-2021-47980

Fuel CMS 1.4.13 is affected by a blind SQL injection via the col parameter in the Activity Log interface. Authenticated attackers can craft requests to the logs endpoint with malicious SQL payloads in col to influence database queries and infer data based on response-time delays. The provided doc...

CVSS 7.1 | AI score 5.9 | EPSS 0.00029
Exploits 0 | References 4
RedhatCVE, added 2026/05/16 1:56 a.m., 7 views

CVE-2026-42847

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 122, there is a critical SQL Injection SQLi vulnerability in ClipBucket, exploitable through the type parameter on the authenticated admin endpoint adminarea/actionlogs.php. The endpoint adminarea/actionlogs.php reads...

CVSS 7.1 | AI score 5.9 | EPSS 0.00034
Exploits 0 | References 1
CNNVD, added 2026/05/16 12:00 a.m., 7 views

FUEL CMS SQL Injection Vulnerability

Fuel CMS is a content management system (CMS) developed by David McReynolds using the CodeIgniter framework. Version 1.4.13 of Fuel CMS has a SQL injection vulnerability. This vulnerability stems from a blind SQL injection flaw, allowing authenticated attackers to manipulate database queries throug...

CVSS 7.1 | AI score 5.9 | EPSS 0.00029
Exploits 0 | References 1
Positive Technologies, added 2026/05/16 12:00 a.m., 6 views

PT-2026-41466

Name of the Vulnerable Software and Affected Versions: Fuel CMS version 1.4.13. Description: Authenticated attackers can manipulate database queries by injecting SQL code through the col parameter in the Activity Log interface. By sending requests to the 'logs' endpoint with malicious SQL payloads i...

CVSS 7.1 | AI score 5.9 | EPSS 0.00029
Exploits 0 | References 6
NVD, added 2026/05/14 8:17 p.m., 3 views

CVE-2026-26062

Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service DoS issue in the gRPC Launcher PublishLogs endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to...

CVSS 8.7 | EPSS 0.00088
Exploits 0 | References 2
Cvelist, added 2026/05/14 7:00 p.m., 32 views

CVE-2026-26062 Fleet server may terminate unexpectedly when handling certain gRPC requests

Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service DoS issue in the gRPC Launcher PublishLogs endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to...

CVSS 8.7 | EPSS 0.00088
Exploits 0 | References 2
CVE, added 2026/05/14 7:00 p.m., 9 views

CVE-2026-26062

CVE-2026-26062 affects Fleet before version 4.81.0, where the gRPC Launcher PublishLogs endpoint could terminate the Fleet server when handling certain inputs. An authenticated attacker with access to an enrolled Launcher node key could trigger an immediate DoS by sending a single gRPC request, i...

CVSS 8.7 | AI score 5.8 | EPSS 0.00088
Exploits 0 | References 2 | Affected software 1
OSV, added 2026/05/14 4:16 p.m., 4 views

GHSA-CJ9G-27PH-4CGV wger Vulnerable to IDOR: Authenticated Users Can Read Any User's Private Workout Session Data via Template Routine API

Summary: Any authenticated user can read another user's private workout session notes, exercise history, and training statistics by calling the /logs/ and /stats/ actions on a routine they do not own. The RoutinePermission class grants read access to any authenticated user when a routine has...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 2
Github Security Blog, added 2026/05/14 4:16 p.m., 5 views

wger Vulnerable to IDOR: Authenticated Users Can Read Any User's Private Workout Session Data via Template Routine API

Summary: Any authenticated user can read another user's private workout session notes, exercise history, and training statistics by calling the /logs/ and /stats/ actions on a routine they do not own. The RoutinePermission class grants read access to any authenticated user when a routine has...

AI score 5.8
Exploits 0 | References 2 | Affected software 1
Github Security Blog, added 2026/05/14 1:17 p.m., 7 views

Fleet server may terminate unexpectedly when handling certain gRPC requests

Summary: Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher PublishLogs endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to terminate while processing an authenticated request from an enrolled...

CVSS 8.7 | AI score 5.9 | EPSS 0.00088
Exploits 0 | References 4 | Affected software 1
OSV, added 2026/05/14 1:17 p.m., 2 views

GHSA-X67P-9M2R-FXQV Fleet server may terminate unexpectedly when handling certain gRPC requests

Summary: Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher PublishLogs endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to terminate while processing an authenticated request from an enrolled...

CVSS 8.7 | AI score 5.9 | EPSS 0.00088
Exploits 0 | References 4
EUVD, added 2026/05/13 8:38 p.m., 4 views

EUVD-2026-30156

CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters sortprice, sortactivity, sortadmin, and sortcustomer of the Products and Logs endpoints in CubeCart v6.x. This allows an attacker to...

CVSS 7.2 | AI score 6.2 | EPSS 0.00037
Exploits 0 | References 1
CVE, added 2026/05/13 8:38 p.m., 7 views

CVE-2026-39358

CubeCart

CVSS 7.2 | AI score 6.2 | EPSS 0.00037
Exploits 0 | References 1