4436 matches found
CVE-2026-36460
Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...
PT-2026-45989
Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...
CVE-2026-36460
Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...
Dovestones ADPhonebook Security Vulnerability
Dovestones ADPhonebook is a corporate address book and employee directory management system developed by the Canadian company Dovestones. Versions of Dovestones ADPhonebook prior to 4.0.1.1 contained security vulnerabilities. These vulnerabilities stemmed from insufficient input validation and...
CVE-2026-36460
CVE-2026-36460 affects Dovestones Softwares ADPhonebook prior to v4.0.1.1. The issue is a Cross Site Scripting flaw in the /Admin/Save API where an authenticated admin can store malicious JavaScript payloads in multiple configuration sections due to missing input validation or output encoding. Af...
CVE-2026-9732
The CVE concerns the WordPress plugin “EmergencyWP – Dead Man's switch & legacy deliverance” up to version 1.4.2. The root cause is missing or incorrect nonce validation in the form_settings_ui (settings save handler) function, enabling Cross-Site Request Forgery. This allows unauthenticated atta...
CVE-2026-9234 JTL-Connector for WooCommerce <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Settings Modification via Multiple Functions
The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification on the adminpostsettingssavewoo-jtl-connector action handled by JtlConnectorAdmin::save and on the...
CVE-2026-10567
A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...
EUVD-2026-33875
A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...
CVE-2026-10567
The CVE concerns 1Panel-dev CordysCRM up to version 1.4.1. The vulnerability is in ModuleFormController/ModuleFormService.java (Save function); manipulating the Description argument leads to cross-site scripting (XSS). Exploitation is possible remotely and the exploit has been disclosed publicly....
PT-2026-45685
A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...
CordysCRM Code Injection Vulnerability
FIT2CLOUD CordysCRM is a customer relationship management system developed by FIT2CLOUD. Versions of CordysCRM 1.4.1 and earlier contain a code injection vulnerability. This vulnerability stems from an issue with the Save function in the ModuleFormController component’s file...
CVE-2026-10295 SourceCodester Customer Review App review_app.py get_all_reviews denial of service
A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add_review/save_review/get_all_reviews of the file review_app.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local approac...
CVE-2026-10295
SourceCodester Customer Review App 1.0 is affected. The vulnerability lies in review_app.py functions add_review, save_review, and get_all_reviews, where manipulating the name/comment argument leads to a local denial of service. The attack requires local access and a public exploit exists. Impact...
CVE-2026-10277
A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP Gmail Tool. Performing a manipulation results in improper access controls. It is possible to initia...
CVE-2026-10277 j3k0 mcp-google-workspace MCP Gmail Tool gmail.ts saveToDisk access control
A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP Gmail Tool. Performing a manipulation results in improper access controls. It is possible to initia...
EUVD-2026-33721
A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP Gmail Tool. Performing a manipulation results in improper access controls. It is possible to initia...
CVE-2026-10277
CVE-2026-10277 affects the MCP Gmail Tool in j3k0/mcp-google-workspace (up to commit 831790e7d5c2663325733d9f5579cc339a267c4c). The vulnerability resides in the saveToDisk function of src/tools/gmail.ts and leads to improper access controls when a manipulation is performed, with remote initiation...
GHSA-5XRQ-8626-4RWP When Vitest UI server is listening, arbitrary file can be read and executed
Summary: Arbitrary file can be read on Windows when Vitest UI server is listening, especially when exposed to the network. Impact: Only users that match either of the following conditions are affected: - explicitly exposes the Vitest UI server to the network using --api.host or api.host config opti...
CVE-2026-10256
A vulnerability was identified in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /savecomment.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and...