26244 matches found

CNNVD
added 2026/05/27 12:0 a.m. | 8 views

Jenkins buildgraph-view Plugin Security Vulnerability

The Jenkins buildgraph-view Plugin is an open-source plugin for visualizing Jenkins build processes. The Jenkins buildgraph-view Plugin versions 1.8 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of escaping of build URLs, which may lead to storage-side...

CVSS 5.5 | AI score 5.6 | EPSS 0.00176
Exploits: 0 | References: 1
IBM Security Bulletins
added 2026/05/26 9:30 p.m. | 10 views

Security Bulletin: Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)

Summary: IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I) 1.5.20 has addressed an authentication vulnerability that may allow access to files in the local server storage. Vulnerability Details: CVEID: CVE-2026-7876. DESCRIPTION: IBM Aspera High-Speed Transfer Server for CP4i i...

CVSS 9.1 | AI score 5.8 | EPSS 0.00284
Exploits: 0 | Affected Software: 1
NVD
added 2026/05/26 9:16 p.m. | 10 views

CVE-2026-45413

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force (hashcat). This vulnerability is fixed in 2.9.1...

CVSS 6.9 | EPSS 0.00083
Exploits: 0 | References: 1
NVD
added 2026/05/26 9:16 p.m. | 14 views

CVE-2026-42335

MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch chat/api/oss/geturl endpoint. The vulnerability exists due to inconsistent URL parsing between the urlparse...

CVSS 6.3 | EPSS 0.0022
Exploits: 0 | References: 1
Snyk
added 2026/05/26 8:42 p.m. | 7 views

Open Redirect

Overview: snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Open Redirect via the unvalidated HTTP Referer header stored in a session variable. An attacker can redirect users to arbitrary external sites by crafting a malicious link a...

CVSS 7.1 | AI score 5.9 | EPSS 0.00163
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/26 8:12 p.m. | 6 views

CVE-2026-45413

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force (hashcat). This vulnerability is fixed in 2.9.1...

CVSS 6.9 | AI score 5.8 | EPSS 0.00083
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2026/05/26 7:30 p.m. | 16 views

CVE-2026-44833

CVE-2026-44833 affects Snipe-IT up to version 8.4.0, where an open redirect vulnerability arises from using an unvalidated HTTP Referer header stored in a session variable. When a user action triggers a redirect (e.g., Save with redirect option set to back), the application reads the back_url...

CVSS 7.1 | AI score 5.8 | EPSS 0.00163
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2026/05/26 6:16 p.m. | 14 views

CVE-2026-44667

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting (XSS) via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

CVSS 8.7 | EPSS 0.00211
Exploits: 0 | References: 2
NVD
added 2026/05/26 6:16 p.m. | 7 views

CVE-2026-44669

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting (XSS) via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

CVSS 8.7 | EPSS 0.00211
Exploits: 0 | References: 2
Cvelist
added 2026/05/26 5:43 p.m. | 26 views

CVE-2026-44669 Faction: Stored XSS in Assessment Attachment Filename Preview Rendering

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting (XSS) via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

CVSS 8.7 | EPSS 0.00211
Exploits: 0 | References: 2
EUVD
added 2026/05/26 5:43 p.m. | 10 views

EUVD-2026-31943

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting (XSS) via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

CVSS 8.7 | AI score 5.8 | EPSS 0.00211
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/26 5:43 p.m. | 6 views

CVE-2026-44669

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting (XSS) via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

CVSS 8.7 | AI score 5.8 | EPSS 0.00211
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2026/05/26 5:42 p.m. | 13 views

CVE-2026-44667

FACTION is a PenTesting Report Generation and Collaboration Framework. A stored XSS flaw exists prior to version 1.8.3 where user-supplied attachment filename values are persisted and rendered into HTML and attribute contexts without output encoding in remediation verification/file preview flows....

CVSS 8.7 | AI score 5.8 | EPSS 0.00211
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/26 5:42 p.m. | 8 views

CVE-2026-44667 Faction: Stored XSS in Remediation Verification Attachment Filename Preview Rendering

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting (XSS) via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

CVSS 8.7 | AI score 5.8 | EPSS 0.00211
Exploits: 0 | References: 2
Cvelist
added 2026/05/26 5:42 p.m. | 35 views

CVE-2026-44667 Faction: Stored XSS in Remediation Verification Attachment Filename Preview Rendering

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting (XSS) via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

CVSS 8.7 | EPSS 0.00211
Exploits: 0 | References: 2
CVE
added 2026/05/26 12:57 p.m. | 33 views

CVE-2026-48134

The CVE-2026-48134 issue affects Check Point’s UserCheck Portal when the DLP blade is active, applying to UserCheck’s Web Portal UserChoice input handling. The root cause is an input-handling flaw that could allow an attacker with access to the UserCheck Ask page to manipulate stored DLP/UserChec...

CVSS 5.6 | AI score 5.8 | EPSS 0.04032
Exploits: 0 | References: 1
OSV
added 2026/05/26 10:7 a.m. | 5 views

RHSA-2026:20584 Red Hat Security Advisory: git-lfs security update

Bulletin has no description...

CVSS 7.5 | AI score 7.2 | EPSS 0.0052
Exploits: 0 | References: 11
OSV
added 2026/05/26 10:7 a.m. | 21 views

RHSA-2026:20582 Red Hat Security Advisory: git-lfs security update

Bulletin has no description...

CVSS 7.5 | AI score 7.2 | EPSS 0.0052
Exploits: 0 | References: 11
RedHat Linux
added 2026/05/26 3:56 a.m. | 21 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

CVSS 7.5 | AI score 7.3 | EPSS 0.0052
Exploits: 0 | References: 2
RedHat Linux
added 2026/05/26 3:45 a.m. | 17 views

Important: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili...

CVSS 7.5 | AI score 7.3 | EPSS 0.0052
Exploits: 0 | References: 2