CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2 days ago•9 views

CVE-2026-41726

In Spring for Apache Kafka, CVE-2026-41726 arises when an application uses the DelegatingDeserializer and an attacker can send records with unique, random spring.kafka.serialization.selector header values. This can cause the consumer’s heap to grow without bound, leading to garbage-collection thr...

6.5CVSS5.5AI score0.0004EPSS

RedhatCVE•added 6 days ago•6 views

CVE-2026-9811

A stored Cross-Site Scripting XSS vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application fails to sanitize project names returned via AJAX before injecting them into the DOM as option fields...

5.4CVSS5.5AI score0.00024EPSS

RedhatCVE•added 6 days ago•5 views

CVE-2026-4665

The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...

6.4CVSS5.7AI score0.00039EPSS

RedhatCVE•added 6 days ago•6 views

CVE-2026-39972

Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to...

7.1CVSS5.4AI score0.00036EPSS

EUVD•added 2026/06/02 2:17 p.m.•7 views

EUVD-2026-33944

The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With...

8.5CVSS5.9AI score0.00015EPSS

OSV•added 2026/06/01 9:16 a.m.•4 views

UBUNTU-CVE-2026-49270

Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurableSubs set to true, are vulnerable to an unauthenticated attacker who can receive a list of all...

5.9CVSS5.8AI score0.00153EPSS

Exploits0References5

Snyk•added 2026/05/29 1:18 p.m.•4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the project selector component when rendering selection menus for associating projects with system entities due to improper sanitization of project names returned via AJAX before injecting them into the DOM a...

6.1CVSS5.5AI score0.00024EPSS

NVD•added 2026/05/29 12:16 p.m.•11 views

CVE-2026-9811

5.4CVSS0.00024EPSS

Vulnrichment•added 2026/05/29 10:41 a.m.•10 views

CVE-2026-9811

EUVD•added 2026/05/29 10:41 a.m.•9 views

EUVD-2026-33280

Cvelist•added 2026/05/29 10:41 a.m.•34 views

CVE-2026-9811

5.4CVSS0.00024EPSS

CVE•added 2026/05/29 10:41 a.m.•11 views

CVE-2026-9811

CVE-2026-9811 is a stored XSS vulnerability in Mautic 7, specifically in the project selector component. The issue arises when rendering AJAX-returned project names into DOM option fields without proper sanitization; an authenticated user with project creation rights can inject malicious script v...

ATTACKERKB•added 2026/05/29 10:41 a.m.•7 views

CVE-2026-9811

Positive Technologies•added 2026/05/29 12:0 a.m.•8 views

PT-2026-44823

CNNVD•added 2026/05/29 12:0 a.m.•5 views

Mautic 安全漏洞

Mautic is an open-source marketing automation software developed by Mautic. This software can monitor and manage websites, send emails, and manage customer resources. Version 7 of Mautic has a security vulnerability, which stems from a cross-site scripting vulnerability stored in the project...

5.4CVSS5.7AI score0.00024EPSS

Snyk•added 2026/05/24 7:39 a.m.•16 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the toString function in the AST Serialization. An attacker can cause uncontrolled recursion by providing specially crafted input, potentially resulting in resource exhaustion and application unavailability...

6.9CVSS5.8AI score0.00036EPSS

Snyk•added 2026/05/24 7:39 a.m.•11 views

Uncontrolled Recursion

6.9CVSS5.8AI score0.00036EPSS

vulnersOsv•added 2026/05/24 7:39 a.m.•1 views

org.webjars.npm:coreui__coreui (=4.2.1), org.webjars.npm:css-loader (>=2.1.0 <=6.7.2) +19 more potentially affected by CVE-2026-9358 via org.webjars.npm:postcss-selector-parser (>=4.0.0-rc.1 <=7.1.0)

org.webjars.npm:postcss-selector-parser MAVEN version =4.0.0-rc.1, =2.1.0, =3.1.0, =7.0.1, =4.0.2, =2.0.6, =2.1.0, =4.1.2, =6.2.0 and more Source cves: CVE-2026-9358 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16873883...

5.3CVSS5.4AI score0.00036EPSS

Exploits0

OSV•added 2026/05/22 4:4 p.m.•6 views

CLSA-2026-1779465893 postgresql: Fix of CVE-2026-6473

CVE-2026-6473: tsearch: bound StartSel/StopSel/FragmentDelimiter length to PGINT16MAX in tsheadline - CVE-2026-6473: contrib/ltree: guard lquery parsing against numvar and totallen wraparound - CVE-2026-6473: regex: add overflow-checked MALLOCARRAY/REALLOCARRAY and bound NFA state/color products...

8.8CVSS5.8AI score0.00075EPSS