CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

5.1CVSS4.1AI score0.00253EPSS

EUVD-2026-23837

A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifangbackendaccount/logic/admin/Lrbacadmin.php of the component Extended Management Module. The manipulation of the argument Account results in cross site scripting. The...

EUVD•added 2026/04/20 12:32 p.m.•2 views

EUVD-2026-23823

A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes sql injection. The attack can be initiated remotely. The exploit has been publish...

6.5CVSS6.3AI score0.00196EPSS

4.8CVSS4.2AI score0.00206EPSS

EUVD-2026-23814

A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out...

9CVSS7.8AI score0.00447EPSS

EUVD-2026-23827

A vulnerability was found in Tenda F451 1.0.0.7cnsvn7958. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. The attack may be initiated remotely. The exploit has be...

EUVD•added 2026/04/20 12:32 p.m.•6 views

EUVD-2026-23822

A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to launch the attack...

6.5CVSS6.2AI score0.00232EPSS

7.5CVSS6.5AI score0.003EPSS

EUVD-2026-23821

A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogupicture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture...

EUVD•added 2026/04/20 12:32 p.m.•5 views

EUVD-2026-23828

A vulnerability was determined in Tenda F451 1.0.0.7cnsvn7958. Impacted is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The...

9CVSS7.9AI score0.00544EPSS

OSV•added 2026/04/20 12:32 p.m.•4 views

GHSA-5PV2-86QJ-5JF9 Cockpit has NoSQL Injection Through Content Aggregation Pipelines

6.3CVSS6.2AI score0.00232EPSS

OSV•added 2026/04/20 12:32 p.m.•6 views

GHSA-GQP3-HFC3-8Q54 Memos has an Incorrect Privilege Assignment issue

A weakness has been identified in usememos memos up to 0.22.1. This affects the function memosaccesstoken of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be...

6.3CVSS5.5AI score0.00252EPSS

NVD•added 2026/04/20 12:16 p.m.•4 views

CVE-2026-6636

A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a manipulation of the argument pathname results in path traversal. It is possible to initiate the attack...

5.3CVSS0.00467EPSS

Cvelist•added 2026/04/20 12:0 p.m.•30 views

CVE-2026-6636 p2r3 convert API buildCache.js Bun.serve path traversal

5.3CVSS0.00467EPSS

Vulnrichment•added 2026/04/20 12:0 p.m.•5 views

CVE-2026-6636 p2r3 convert API buildCache.js Bun.serve path traversal

5.3CVSS5.4AI score0.00467EPSS

ATTACKERKB•added 2026/04/20 12:0 p.m.•4 views

CVE-2026-6636

5.3CVSS5.4AI score0.00467EPSS

Vulnrichment•added 2026/04/20 11:45 a.m.•1 views

CVE-2026-6635 rowboatlabs rowboat tools_webhook app.py tool_call improper authentication

A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function toolcall of the file apps/experimental/toolswebhook/app.py of the component toolswebhook. Such manipulation of the argument X-Tools-JWE leads to improper authentication. The attack may be...

7.5CVSS6.5AI score0.00466EPSS

CVE•added 2026/04/20 11:45 a.m.•10 views

CVE-2026-6635

Summary (CVE-2026-6635): Rowboat by Rowboat Labs, affected versions up to 0.1.67, has a vulnerability in the tools_webhook module. The flaw affects the function tool_call in apps/experimental/tools_webhook/app.py, where manipulation of the X-Tools-JWE header enables improper authentication. The i...

7.5CVSS6.5AI score0.00466EPSS

Vulnrichment•added 2026/04/20 11:30 a.m.•6 views

CVE-2026-6634 usememos UpdateInstanceSetting App.tsx memos_access_token improper authorization

6.5CVSS6.2AI score0.00252EPSS

Cvelist•added 2026/04/20 11:30 a.m.•30 views

CVE-2026-6634 usememos UpdateInstanceSetting App.tsx memos_access_token improper authorization

6.5CVSS0.00252EPSS