CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/24 6:5 p.m.•3 views

MAL-2026-4678 Malicious code in sysnode (npm)

5.8AI score

NVD•added 2026/05/23 5:16 a.m.•8 views

CVE-2026-6419

The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check in the ajaxgetscreen function. This makes it possible for authenticated attackers, with...

8.8CVSS0.00353EPSS

Cvelist•added 2026/05/23 4:27 a.m.•16 views

CVE-2026-6419 Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation via 'wlm3_get_screen' AJAX action

8.8CVSS0.00353EPSS

Vulnrichment•added 2026/05/23 4:27 a.m.•7 views

CVE-2026-6419 Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation via 'wlm3_get_screen' AJAX action

8.8CVSS5.9AI score0.00353EPSS

CNNVD•added 2026/05/23 12:0 a.m.•7 views

WordPress plugin WishList Member 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS5.9AI score0.00353EPSS

Exploits0References3

Positive Technologies•added 2026/05/23 12:0 a.m.•8 views

PT-2026-42863

Name of the Vulnerable Software and Affected Versions WishList Member versions prior to 3.30.2 Description An issue exists where missing authorization allows for privilege escalation. The ajax get screen function fails to perform necessary capability and nonce checks. Authenticated attackers with...

8.8CVSS5.9AI score0.00353EPSS

Exploits0References5

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Issue: Skipping the reallocation of the Unicode buffer when resizing the alternate screen after exiting the alt screen mode. When the enteraltscreen function saves vcunilines into vcsavedunilines and sets vcunilines to NULL, a...

7.8CVSS5.9AI score0.00127EPSS

6.5CVSS6.8AI score0.00657EPSS

Astra Linux - уязвимость в thunderbird, firefox

A website could have obscured the full-screen notification by using a URL that was processed by an external program, such as a mailto URL. This could have caused confusion among users and potentially led to spoofing attacks. This vulnerability affects Firefox 116, Firefox ESR 115.2, and Thunderbi...

7.1CVSS6.1AI score0.00178EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/fb-helper: Fixed out-of-bounds access issues. The memory range was clipped to the size of the screen buffer to prevent out-of-bounds access during the damage handling in fbdev’ deferred I/O operations. fbdev’ deferred I/O can...

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в thunderbird, firefox

A website could have obscured the full-screen notification by using the file open dialog. This could have caused confusion among users and potentially led to spoofing attacks. This vulnerability affects Firefox 116, Firefox ESR 115.2, and Thunderbird 115.2...

7.5CVSS7.1AI score0.00545EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: In the fbdev subsystem, within the vt8623fb function, there is a issue where the value of screensize is calculated based on user input. If an improper value is provided by the user, the value of screensize may be larger than...

7.8CVSS5.7AI score0.00215EPSS

6.5CVSS6.8AI score0.00237EPSS

Astra Linux - уязвимость в firefox

A website can prevent a user from exiting full-screen mode through alerts and prompts. This can lead to user confusion and potential spoofing attacks. This vulnerability affects Firefox versions earlier than 115...

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в chromium

The incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof the security UI through a crafted HTML page. Chromium security severity: Medium...

6.5CVSS7AI score0.00547EPSS

7.1CVSS6.6AI score0.00446EPSS

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A use-after-free flaw was discovered in vcsread in drivers/tty/vt/vc-screen.c within vc-screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information...

OSSF Malicious Packages•added 2026/05/20 1:31 a.m.•8 views

Malicious code in carvus-lens (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be2182b552b0a8359f3314078d48310cfcd57738e1934aacf00ac8775a32cfe0 carvus-lens is a screen-capture/OCR Electron-style tool whose advertised 'Ask AI', 'Translate', and 'Search' features silently route user-selected...

6AI score

OSV•added 2026/05/20 1:31 a.m.•3 views

MAL-2026-4505 Malicious code in carvus-lens (npm)

6AI score

NVD•added 2026/05/20 12:16 a.m.•10 views

CVE-2026-39309

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

5.5CVSS0.00176EPSS