CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/05/24 12:0 a.m.•12 views

PT-2026-42915

A vulnerability was found in vBulletin 6.x. This impacts an unknown function of the component Login. Performing a manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. VulDB is withholding an extended...

5.1CVSS4.3AI score0.0024EPSS

Exploits0References3

CNNVD•added 2026/05/24 12:0 a.m.•8 views

Edimax BR-6675nD 安全漏洞

The Edimax BR-6675nD is a dual-band broadband wireless router produced by Edimax Corporation. Version 1.12 of the Edimax BR-6675nD contains a security vulnerability. This vulnerability stems from the formsetPPPoE function in the POST Request Handler component, where improper handling of the...

9CVSS7.8AI score0.00589EPSS

Positive Technologies•added 2026/05/24 12:0 a.m.•10 views

PT-2026-42945

A vulnerability was found in Totolink A8000RU 7.1cu.643 b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument ip results in os command injection. The attack can be executed...

10CVSS7AI score0.01909EPSS

Positive Technologies•added 2026/05/24 12:0 a.m.•12 views

PT-2026-42942

Name of the Vulnerable Software and Affected Versions Edimax BR-6675nD version 1.12 Description A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists within the formPPTPSetup function located in the '/goform/formPPTPSetup' endpoint when manipulating...

9CVSS7.5AI score0.00751EPSS

Positive Technologies•added 2026/05/24 12:0 a.m.•11 views

PT-2026-42936

A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. The attack may be...

6.5CVSS6.2AI score0.00261EPSS

Positive Technologies•added 2026/05/24 12:0 a.m.•9 views

PT-2026-42932

A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Affected by this issue is some unknown functionality of the file route.ts of the component API. The manipulation leads to missing authentication. The attack may be initiated remotely. The attack's complexity is rated as...

6.3CVSS5.2AI score0.0041EPSS

Exploits0References7

NVD•added 2026/05/23 11:16 p.m.•11 views

CVE-2026-9342

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/viewhistory.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has be...

6.5CVSS0.00246EPSS

Vulnrichment•added 2026/05/23 10:15 p.m.•6 views

CVE-2026-9342 SourceCodester Hospitals Patient Records Management System view_history.php sql injection

CVE•added 2026/05/23 10:15 p.m.•34 views

CVE-2026-9342

SourceCodester Hospitals Patient Records Management System 1.0 has a remote SQL injection in the file /admin/patients/view_history.php via manipulation of the ID argument. The flaw arises from unsanitized input, enabling a potential attacker to execute arbitrary SQL. Reported impacts include data...

ATTACKERKB•added 2026/05/23 10:15 p.m.•10 views

CVE-2026-9342

Exploits0References5Affected Software1

EUVD•added 2026/05/23 10:15 p.m.•10 views

EUVD-2026-31554

NVD•added 2026/05/23 4:19 p.m.•13 views

CVE-2026-9306

A security vulnerability has been detected in QuantumNous new-api up to 0.12.1. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjourney Image Relay Endpoint. Such manipulation leads to authorization bypass. The attack can be...

6.3CVSS0.00347EPSS

NVD•added 2026/05/23 3:16 p.m.•12 views

CVE-2026-9305

A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been...

6.5CVSS0.00246EPSS

EUVD•added 2026/05/23 3:0 p.m.•10 views

EUVD-2026-31542

6.3CVSS5.2AI score0.00347EPSS

CVE•added 2026/05/23 3:0 p.m.•58 views

CVE-2026-9306

CVE-2026-9306 affects QuantumNous new-api up to 0.12.1, specifically the Midjourney Image Relay Endpoint’s RelayMidjourneyImage/GetByOnlyMJId in router/relay-router.go. The issue enables authorization bypass through manipulation of the endpoint. It is reported as exploitable remotely with high co...

6.3CVSS5.2AI score0.00347EPSS

Vulnrichment•added 2026/05/23 3:0 p.m.•8 views

CVE-2026-9306 QuantumNous new-api Midjourney Image Relay Endpoint relay-router.go GetByOnlyMJId authorization

6.3CVSS5.2AI score0.00347EPSS

Vulnrichment•added 2026/05/23 2:30 p.m.•7 views

CVE-2026-9305 QuantumNous new-api self Endpoint topup.go SearchAllTopUps sql injection

6.5CVSS6.4AI score0.00246EPSS

CVE•added 2026/05/23 2:30 p.m.•49 views

CVE-2026-9305

CVE-2026-9305 affects QuantumNous new-api self Endpoint up to version 0.12.1. The vulnerable element is the functions SearchUserTopUps and SearchAllTopUps in file model/topup.go, enabling a SQL injection via remote exposure. Public exploit availability is claimed. No remediation details are provi...

6.5CVSS6.4AI score0.00246EPSS

EUVD•added 2026/05/23 2:30 p.m.•9 views

EUVD-2026-31541

6.5CVSS6.4AI score0.00246EPSS