
7237 matches found

EUVD
added 3 days ago | 6 views

EUVD-2026-37836

The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. This is due to the screen_action function lacking a dedicated capability check and nonce verification — when invoked via the ?action=screen routing path...

CVSS 8.8 | AI score 5.3 | EPSS 0.00387
Exploits: 0 | References: 10

CVE
added 3 days ago | 14 views

CVE-2026-12407

CVE-2026-12407 affects the E2Pdf – Export Pdf Tool for WordPress plugin versions up to 1.32.26. The screen_action() path bypasses nonce and capability checks, reading attacker-controlled options from $_POST['wp_screen_options'] and passing them to update_option() with no allowlist, enabling authe...

CVSS 8.8 | AI score 5.4 | EPSS 0.00387
Exploits: 0 | References: 10

Cvelist
added 3 days ago | 19 views

CVE-2026-12407 E2Pdf <= 1.32.26 - Missing Authorization to Authenticated (Custom+) Arbitrary Option Update / Privilege Escalation via 'screen_action' Parameter

The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. This is due to the screen_action function lacking a dedicated capability check and nonce verification — when invoked via the ?action=screen routing path...

CVSS 8.8 | EPSS 0.00387
Exploits: 0 | References: 10

RedHat Linux
added 4 days ago | 5 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free information disclosure in CreateSaverWindow()

A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow. A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure...

CVSS 5.5 | AI score 5.3 | EPSS 0.00183
Exploits: 0 | References: 7

Nuclei
added 5 days ago | 78 views

Apache OFBiz - Improper Authorization & Remote Code Execution

Improper Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...

CVSS 9.8 | AI score 9 | EPSS 0.99427
Exploits: 10 | References: 5

Microsoft CVE
added 5 days ago | 5 views

Chromium: CVE-2026-11648 Use after free in FullScreen

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.8 | AI score 5.2 | EPSS 0.00303
Exploits: 0

OSSF Malicious Packages
added 2026/06/11 6:49 a.m. | 9 views

Malicious code in sysbu (npm)

Source: amazon-inspector c7d7e10321db9abd5e77b0f656d5fac237968ecd79c0ce409b58ee555fb5b236 Despite advertising itself as a 'System binary configuration tool', sysbu's index.js unconditionally invokes startApp on require/CLI execution. If...

AI score 5.6
Exploits: 0 | References: 2

OSV
added 2026/06/11 6:49 a.m. | 6 views

MAL-2026-5616 Malicious code in sysbu (npm)

Source: amazon-inspector c7d7e10321db9abd5e77b0f656d5fac237968ecd79c0ce409b58ee555fb5b236 Despite advertising itself as a 'System binary configuration tool', sysbu's index.js unconditionally invokes startApp on require/CLI execution. If...

AI score 5.6
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2026/06/11 6:49 a.m. | 8 views

Malicious code in sysau (npm)

Source: amazon-inspector 4b2cf08a271605de33b2c202bb8a5a6689251e9a4711a628a88c57ebf0ec4f07 On install/load, index.js auto-runs a bootstrap that silently installs Python 3.12 via winget, falling back to a /quiet curl of python-3.12.3-amd64.e...

AI score 5.6
Exploits: 0 | References: 1

OSV
added 2026/06/11 6:49 a.m. | 7 views

MAL-2026-5615 Malicious code in sysau (npm)

Source: amazon-inspector 4b2cf08a271605de33b2c202bb8a5a6689251e9a4711a628a88c57ebf0ec4f07 On install/load, index.js auto-runs a bootstrap that silently installs Python 3.12 via winget, falling back to a /quiet curl of python-3.12.3-amd64.e...

AI score 5.6
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/06/11 6:49 a.m. | 8 views

Malicious code in sysnu (npm)

Source: amazon-inspector eac9873e59ffdf79c56fd4f9366b56e0532f87dc00c4380fae18d714785b0bc8 On require / CLI invocation, sysnu performs two install-time-equivalent actions on Windows hosts. First, if python is not on PATH, index.js lines 42-...

AI score 5.6
Exploits: 0 | References: 2

OSV
added 2026/06/11 6:49 a.m. | 9 views

MAL-2026-5617 Malicious code in sysnu (npm)

Source: amazon-inspector eac9873e59ffdf79c56fd4f9366b56e0532f87dc00c4380fae18d714785b0bc8 On require / CLI invocation, sysnu performs two install-time-equivalent actions on Windows hosts. First, if python is not on PATH, index.js lines 42-...

AI score 5.6
Exploits: 0 | References: 2

CNNVD
added 2026/06/11 12:0 a.m. | 9 views

Vim buffer error vulnerability

Vim is an open-source, cross-platform text editor developed by Vim. Versions of Vim prior to 9.2.0565 contained a buffer error vulnerability. This vulnerability stemmed from the updatesnapshot function, which performed a copy of the visible terminal screen into the scroll buffer. During this...

CVSS 8.2 | AI score 5.6 | EPSS 0.00307
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/10 6:7 p.m. | 5 views

CVE-2026-11648

A use-after-free flaw was found in the FullScreen component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=506684534...

CVSS 8.8 | AI score 5.4 | EPSS 0.00253
Exploits: 0 | References: 5

Tenable Nessus
added 2026/06/10 12:0 a.m. | 5 views

EulerOS 2.0 SP13 : tigervnc (EulerOS-SA-2026-2359)

According to the versions of the tigervnc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application...

CVSS 9.8 | AI score 5.5 | EPSS 0.00247
Exploits: 0 | References: 2

OSV
added 2026/06/09 12:16 a.m. | 3 views

DEBIAN-CVE-2026-11648

Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.6 | EPSS 0.00253
Exploits: 0 | References: 1

NVD
added 2026/06/09 12:16 a.m. | 5 views

CVE-2026-11648

Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | EPSS 0.00253
Exploits: 0 | References: 2

Tenable Nessus
added 2026/06/09 12:0 a.m. | 9 views

EulerOS 2.0 SP11 : tigervnc (EulerOS-SA-2026-2230)

According to the versions of the tigervnc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application...

CVSS 9.8 | AI score 5.6 | EPSS 0.00247
Exploits: 0 | References: 2

Tenable Nessus
added 2026/06/09 12:0 a.m. | 7 views

EulerOS 2.0 SP11 : tigervnc (EulerOS-SA-2026-2267)

According to the versions of the tigervnc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application...

CVSS 9.8 | AI score 5.5 | EPSS 0.00247
Exploits: 0 | References: 2

Debian CVE
added 2026/06/08 11:27 p.m. | 5 views

CVE-2026-11648

Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.6 | EPSS 0.00253
Exploits: 0