CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/02 10:2 p.m.•9 views

CVE-2026-45632

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, update, run, or delete schedules belonging to other organizations if they know the scheduleId/serverId...

9.9CVSS6AI score0.00256EPSS

NVD•added 2026/06/02 9:16 p.m.•8 views

CVE-2026-49143

BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /log HTTP handler that allows unauthenticated network-adjacent attackers to execute arbitrary code by submitting crafted JSON request bodies to the handler, which passes user-supplied data to vm.runInNewContex...

8.8CVSS0.00392EPSS

ATTACKERKB•added 2026/06/02 8:31 p.m.•10 views

CVE-2026-49143

8.8CVSS6.7AI score0.00392EPSS

Cvelist•added 2026/06/02 8:31 p.m.•31 views

CVE-2026-49143 BrowserStack Runner 0.9.5 Unauthenticated RCE via /_log HTTP Handler

8.8CVSS0.00392EPSS

CVE•added 2026/06/02 8:31 p.m.•38 views

CVE-2026-49143

CVE-2026-49143 affects BrowserStack Runner up to version 0.9.5. The vulnerability is in the /_log HTTP handler, permitting unauthenticated, network-adjacent attackers to achieve remote code execution by sending crafted JSON bodies that are passed to vm.runInNewContext() with eval(); attackers can...

8.8CVSS6.7AI score0.00392EPSS

Vulnrichment•added 2026/06/02 8:31 p.m.•6 views

CVE-2026-49143 BrowserStack Runner 0.9.5 Unauthenticated RCE via /_log HTTP Handler

8.8CVSS6.7AI score0.00392EPSS

NVD•added 2026/06/02 8:16 p.m.•11 views

CVE-2026-42211

React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution RCE through external requests. This attack requires the application code to have an existing prototype pollution...

8.1CVSS0.00416EPSS

NVD•added 2026/06/02 8:16 p.m.•13 views

CVE-2026-1829

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...

8.8CVSS0.00682EPSS

Vulnrichment•added 2026/06/02 6:18 p.m.•5 views

CVE-2026-42211 React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE

8.1CVSS6.5AI score0.00416EPSS

Cvelist•added 2026/06/02 6:18 p.m.•28 views

CVE-2026-42211 React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE

8.1CVSS0.00416EPSS

CVE•added 2026/06/02 6:18 p.m.•117 views

CVE-2026-42211

CVE-2026-42211 affects React Router versions 7.0.0–7.14.1 when used in Framework Mode. A combination of steps could enable a prototype pollution condition that an attacker could leverage in a two-step process to trigger unauthorized remote code execution on the remote server. The issue does not i...

8.1CVSS6.5AI score0.00416EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/06/02 5:28 p.m.•31 views

CVE-2026-1829 Content Visibility for Divi Builder <= 4.02 - Authenticated (Contributor+) Remote Code Execution

8.8CVSS0.00682EPSS

Vulnrichment•added 2026/06/02 5:28 p.m.•7 views

CVE-2026-1829 Content Visibility for Divi Builder <= 4.02 - Authenticated (Contributor+) Remote Code Execution

8.8CVSS6.1AI score0.00682EPSS

ATTACKERKB•added 2026/06/02 5:28 p.m.•6 views

CVE-2026-1829

8.8CVSS6.1AI score0.00682EPSS

Exploits0References4

EUVD•added 2026/06/02 5:28 p.m.•8 views

EUVD-2026-33993

8.8CVSS6.1AI score0.00682EPSS

NVD•added 2026/06/02 5:16 p.m.•13 views

CVE-2026-0611

Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed on port 8989 that allows attackers to perform arbitrary file read and write operations by...

9.8CVSS0.00664EPSS

GithubExploit•added 2026/06/02 4:57 p.m.•85 views

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744 - MCPJam Inspector RCE PoC Proof of Concept ex...

9.8CVSS6AI score0.38374EPSS

Exploits29

NVD•added 2026/06/02 4:16 p.m.•15 views

CVE-2026-47117

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

9.8CVSS0.00927EPSS

Exploits0References4

NVD•added 2026/06/02 4:16 p.m.•16 views

CVE-2026-30649

Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the setgetparam.cgi component...

7.3CVSS0.00427EPSS