CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/05/27 12:0 a.m.•6 views

PT-2026-43600

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash layout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a no...

7.1CVSS6AI score0.00223EPSS

CNNVD•added 2026/05/27 12:0 a.m.•10 views

WordPress plugin Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.8AI score0.00156EPSS

Tenable Nessus•added 2026/05/27 12:0 a.m.•11 views

Linux Distros Unpatched Vulnerability : CVE-2026-46014

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: SVM: Add missing save/restore handling of LBR MSRs MSRIA32DEBUGCTLMSR and LBR MSRs are currently not enumerated by KVMGETMSRINDEXLIST, and LBR MSRs cannot ...

5.5CVSS5.4AI score0.00093EPSS

Tenable Nessus•added 2026/05/27 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-46059

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN For guests with NRIPS disabled, L1 does not provide NextRIP when running an L2 with an...

5.5CVSS5.4AI score0.00121EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•9 views

PT-2026-43599

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS6AI score0.00223EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•12 views

PT-2026-43948

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory corruption issue exists in the Linux kernel crypto acomp component. The function acomp save req incorrectly stores the address of the chain member &req-chain in req-base.data...

9.8CVSS6.1AI score0.01582EPSS

Exploits12References280

Positive Technologies•added 2026/05/27 12:0 a.m.•8 views

PT-2026-43881

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description In the KVM SVM component, there is a failure in the save and restore handling of Last Branch Record LBR Model Specific Registers MSRs. Specifically, MSR IA32 DEBUGCTLMSR and LBR MSRs are no...

9.8CVSS5.8AI score0.01582EPSS

Exploits12References279

NVD•added 2026/05/26 9:16 p.m.•10 views

CVE-2026-48592

Missing Authorization vulnerability in oban-bg obanweb 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handleevent"save-job", ... handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling cancel,...

5.3CVSS0.0041EPSS

Cvelist•added 2026/05/26 7:46 p.m.•30 views

CVE-2026-48592 Missing authorization check on save-job event handler in oban_web

5.3CVSS0.0041EPSS

Vulnrichment•added 2026/05/26 7:46 p.m.•6 views

CVE-2026-48592 Missing authorization check on save-job event handler in oban_web

EUVD•added 2026/05/26 7:46 p.m.•8 views

EUVD-2026-31975

ATTACKERKB•added 2026/05/26 7:46 p.m.•6 views

CVE-2026-48592

Exploits0References5Affected Software1

CVE•added 2026/05/26 7:46 p.m.•14 views

CVE-2026-48592

CVE-2026-48592 - Normal (concrete details available) Affected software: oban_web (Elixir Oban) prior to version 2.12.5. The vulnerability occurs in the LiveView component Elixir.Oban.Web.Jobs.DetailComponent during handling of the save-job event. The handle_event("save-job", ...) path does not pe...

OSV•added 2026/05/26 7:46 p.m.•6 views

EEF-CVE-2026-48592 Missing authorization check on save-job event handler in oban_web

Summary Missing Authorization vulnerability in oban-bg obanweb 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handleevent"save-job", ... handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling...

GithubExploit•added 2026/05/26 12:15 a.m.•66 views

spectr

SPECTR Scan Parser & Exploit Recon Tool SPECTR is a CLI c...

5.8AI score

Exploits0

Positive Technologies•added 2026/05/26 12:0 a.m.•5 views

PT-2026-43407

Missing Authorization vulnerability in oban-bg oban web 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handle event"save-job", ... handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling cancel,...

Snyk•added 2026/05/25 11:17 p.m.•6 views

Exploits0References5

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect due to insufficient validation of the Referer header in saveRequestReferer. An authenticated user can redirect users to arbitrary external sites by supplying a malicious Referer value during authentication. Remediation...

5.4CVSS5.9AI score0.00352EPSS

Vulnrichment•added 2026/05/25 2:15 p.m.•6 views

CVE-2018-25378 Notebook Pro 2.0 Denial of Service via Notebook Name Field

Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Attackers can create a malicious text file containing 500 or more characters, paste the content into the New Noteboo...

6.9CVSS5.8AI score0.00136EPSS