CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

53171 matches found

CVE•added 2026/05/08 12:0 a.m.•22 views

CVE-2025-67886

CVE-2025-67886 affects Bitrix24 up to version 25.100.300, with the vulnerability residing in the Translate Module. An actor with SOURCE/WRITE permissions can upload an archive containing a PHP file and a crafted .htaccess, which then leads to remote code execution after extraction. Exploitation d...

6.3CVSS6AI score0.00036EPSS

Exploits3References6

Cvelist•added 2026/05/08 12:0 a.m.•23 views

CVE-2025-67886

Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privileged...

0.00036EPSS

Exploits3References5

CNNVD•added 2026/05/08 12:0 a.m.•4 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a logical error in the sched/mmcid module when processing vfork/CLONEVM. This error causes tasks ...

5.5CVSS5.8AI score0.00014EPSS

Exploits0References2

Tenable Nessus•added 2026/05/08 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-42501

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affect...

7.5CVSS5.7AI score0.00008EPSS

Exploits0References3

Tenable Nessus•added 2026/05/08 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-43409

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kprobes: avoid crash when rmmod/insmod after ftrace killed After we hit ftrace is killed by some errors, the kernel crash if we remove modules in which kprobe...

5.5CVSS5.8AI score0.00013EPSS

Exploits0References4

OSV•added 2026/05/07 9:41 p.m.•0 views

GHSA-XHRW-5QXX-JPWR Microsoft APM CLI's plugin.json component paths escape plugin root and copy arbitrary host files during install

Summary Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but the implementation does not enforce that those paths remain inside the plugin directory. A...

7.1CVSS5.9AI score0.00057EPSS

Exploits0References3

EUVD•added 2026/05/07 9:30 p.m.•6 views

EUVD-2026-28433

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy GOMODPROXY or checksum database GOSUMDB. A malicious module proxy can serve altered versions o...

5.8AI score0.00008EPSS

Exploits0References5

RedhatCVE•added 2026/05/07 8:21 p.m.•5 views

CVE-2026-40076

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST /openmrs/ws/rest/v1/module is vulnerable to a Zip Slip path traversal attack. During automatic extraction of uploaded .omod...

9.4CVSS6.5AI score0.00107EPSS

Exploits1References1

RedhatCVE•added 2026/05/07 8:21 p.m.•6 views

CVE-2026-30815

An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow modificatio...

8.5CVSS7.4AI score0.00114EPSS

Exploits0References1

RedhatCVE•added 2026/05/07 8:21 p.m.•6 views

CVE-2026-30814

A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow...

8CVSS6.5AI score0.00035EPSS

Exploits0References1

OSV•added 2026/05/07 8:16 p.m.•6 views

DEBIAN-CVE-2026-42501

7.5CVSS5.8AI score0.00008EPSS

Exploits0References1

NVD•added 2026/05/07 8:16 p.m.•8 views

CVE-2026-42501

7.5CVSS0.00008EPSS

Exploits0References4

OSV•added 2026/05/07 8:16 p.m.•2 views

UBUNTU-CVE-2026-42501

7.5CVSS5.8AI score0.00008EPSS

Exploits0References8

UbuntuCve•added 2026/05/07 8:16 p.m.•5 views

CVE-2026-42501

7.5CVSS5.8AI score0.00008EPSS

Exploits0References7

OSV•added 2026/05/07 8:7 p.m.•4 views

MAL-2026-3371 Malicious code in pycacheopt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cf50eae305079227b5283e08547cc201f941624c95e49460c3e6544cdd1e221b The extension module hides code that in specific circumstances executes given code. The malicious action is hidden only in the extension module with the...

5.9AI score

Exploits0References2

OSSF Malicious Packages•added 2026/05/07 8:7 p.m.•7 views

Malicious code in pycacheopt (PyPI)

5.9AI score

Exploits0References2

ATTACKERKB•added 2026/05/07 7:41 p.m.•9 views

CVE-2026-42501

5.8AI score0.00008EPSS

Exploits0References5Affected Software1

CVE•added 2026/05/07 7:41 p.m.•17 views

CVE-2026-42501

CVE-2026-42501 affects the Go toolchain download path via untrusted module proxies (GOMODPROXY) or checksum databases (GOSUMDB). The flaw allows a malicious module proxy to bypass checksum database validation when the Go toolchain is downloaded/selected (via GOTOOLCHAIN, go.work, or go.mod toolch...

7.5CVSS5.8AI score0.00008EPSS

Exploits0References4Affected Software1