CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/12 12:0 a.m.•11 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient trustworthiness in Skia’s input validation mechanisms, which could allow remote attackers t...

3.1CVSS6AI score0.00134EPSS

CNNVD•added 2026/05/12 12:0 a.m.•8 views

Google Chrome 竞争条件问题漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a race condition vulnerability, which originated from a race condition issue in the Payments component. This vulnerability could allow remote attackers to exploit the system by usin...

8.3CVSS5.8AI score0.00166EPSS

CNNVD•added 2026/05/12 12:0 a.m.•8 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from incorrect security UI in the Downloads component, which could allow remote attackers to execute UI spoofing through a...

4.2CVSS5.9AI score0.00163EPSS

Exploits0References2

CNNVD•added 2026/05/12 12:0 a.m.•8 views

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a buffer overflow vulnerability. This vulnerability stemmed from out-of-bounds write operations in the Media component, which could allow remote attackers with compromised rendering...

8.3CVSS6.2AI score0.00207EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•13 views

PT-2026-40453

Name of the Vulnerable Software and Affected Versions Linux ksmbd affected versions not specified Description A remote memory corruption issue exists in the ACL inheritance path. Remote clients with directory creation permissions can trigger a heap out-of-bounds read and subsequent heap corruptio...

8.8CVSS5.9AI score0.00179EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•11 views

PT-2026-40284

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...

7.5CVSS5.8AI score0.0045EPSS

Redos•added 2026/05/12 12:0 a.m.•8 views

ROS-20260512-73-0004

Vulnerability in python-PyPDF2 related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

6.5CVSS5.8AI score0.00349EPSS

Exploits0

Cvelist•added 2026/05/11 11:30 p.m.•37 views

CVE-2026-8349 omec-project amf NGAP Message memory corruption

5.3CVSS0.00309EPSS

CVE•added 2026/05/11 11:30 p.m.•27 views

CVE-2026-8349

CVE-2026-8349 affects the omec-project amf up to 2.1.1, specifically the NGAP Message Handler. A remote manipulation can cause memory corruption. An exploit has been published; a patch is available (hash: 8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa). Remediation: apply the pa...

5.3CVSS5.3AI score0.00309EPSS

Vulnrichment•added 2026/05/11 11:15 p.m.•7 views

CVE-2026-8346 D-Link DIR-816 portForward command injection

A vulnerability was detected in D-Link DIR-816 1.10CNB05R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ipaddress results in command injection. The attack can be initiated remotely. The exploit is now public and may be used...

6.5CVSS6.5AI score0.03095EPSS

CVE•added 2026/05/11 11:15 p.m.•18 views

CVE-2026-8346

The CVE-2026-8346 entry concerns D-Link DIR-816 devices (firmware 1.10CNB05_R1B011D88210/variants) where the portForward function is vulnerable. A flaw in handling the ip_address argument enables remote command injection, with reported public exploits. The affected component is the portForward lo...

8.8CVSS6.5AI score0.03095EPSS

Exploits1References5Affected Software1

Cvelist•added 2026/05/11 11:15 p.m.•37 views

CVE-2026-8346 D-Link DIR-816 portForward command injection

6.5CVSS0.03095EPSS

Vulnrichment•added 2026/05/11 10:0 p.m.•9 views

CVE-2026-8345 D-Link DIR-816 singlePortForward sub_445E7C command injection

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05R1B011D88210. Affected by this issue is the function sub445E7C of the file /goform/singlePortForward. Such manipulation of the argument ipaddress leads to command injection. It is possible to launch the attack remotely. The...

6.5CVSS6.4AI score0.03156EPSS

CVE•added 2026/05/11 10:0 p.m.•18 views

CVE-2026-8345

The vulnerability CVE-2026-8345 affects D-Link DIR-816 devices (firmware version 1.10CNB05_R1B011D88210). The issue resides in function sub_445E7C of /goform/singlePortForward, where manipulating the ip_address argument enables command injection. Exploitation can be performed remotely. The public...

8.8CVSS6.4AI score0.03156EPSS

Exploits1References5Affected Software1

EUVD•added 2026/05/11 9:31 p.m.•9 views

EUVD-2026-29201

A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toctransformer of the file pageindex/pageindex.py of the component PDF Table of Contents Handler. The manipulation results in infinite loop. Th...

6.9CVSS5.7AI score0.00372EPSS

Exploits0References6

Cvelist•added 2026/05/11 9:30 p.m.•38 views

CVE-2026-8344 D-Link DIR-816 formDMZ.cgi sub_445E7C command injection

6.5CVSS0.03156EPSS