CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 7 hours ago•8 views

CVE-2026-56237 Capgo - Unauthenticated API Key Generation via Client-Side Parameter Manipulation

9.3CVSS

EUVD•added 7 hours ago•6 views

EUVD-2026-38740

9.3CVSS6AI score

NVD•added 9 hours ago•6 views

CVE-2026-10745

Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...

7.9CVSS

Cvelist•added 11 hours ago•10 views

CVE-2026-10745

7.9CVSS

CVE•added 11 hours ago•8 views

CVE-2026-10745

7.9CVSS5.9AI score

EUVD•added 11 hours ago•10 views

EUVD-2026-38731

7.9CVSS5.9AI score

Nuclei•added 16 hours ago•27 views

Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter. id: CVE-2021-40970 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity:...

6.1CVSS6.5AI score0.02204EPSS

Exploits1References4

Github Security Blog•added yesterday•5 views

jackson-databind's renamed @JsonIgnore'd setters can deserialize via private fields

Summary POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed rather than dropped. With MapperFeature.INFERPROPERTYMUTATORS enabled default, the private backing field is retained; during deserialization...

5.3CVSS5.9AI score

Exploits0References6Affected Software2

CVE•added yesterday•16 views

CVE-2026-45792

Vulnerability summary (CVE-2026-45792) RTK (Rust Token Killer) prior to 0.32.0 trusts project-local configuration by auto-loading the highest-priority .rtk/filters.toml without user notification. An attacker with repository access can place a malicious filter to modify shell command output before...

6.9CVSS5.9AI score0.00009EPSS

RedHat Linux•added yesterday•6 views

Important: Red Hat Security Advisory: .NET 8.0 security update

An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS5.9AI score0.01176EPSS

EUVD•added yesterday•4 views

EUVD-2026-38428

Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers get/put/delete/post. API keys created with mode=all but restricted to a single app via limitedtoapps are only checked for limitedtoorgs and not for limitedtoapps, so an app-scoped key ca...

8.7CVSS5.9AI score

CVE•added yesterday•7 views

CVE-2026-56225

Capgo before 12.128.2 has an authorization bypass in public API key management handlers (get/put/delete/post). Keys created with mode=all but limited_to_apps are not checked against limited_to_apps, only limited_to_orgs, allowing an app-scoped key to enumerate, update, and delete sibling API keys...

8.7CVSS5.9AI score

Nuclei•added yesterday•14 views

ShortCode Addons - Unauthenticated Options Update

WordPress plugin Shortcode Addons = 3.0.2 contains an unauthenticated arbitrary option update caused by insufficient access controls in the plugin, letting attackers modify options without authentication. id: CVE-2022-34487 info: name: ShortCode Addons - Unauthenticated Options Update author:...

9.8CVSS6.2AI score0.02602EPSS

RedHat Linux•added yesterday•4 views

samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00251EPSS

Exploits0References5

RedHat Linux•added 2 days ago•9 views

Important: Red Hat Security Advisory: .NET 8.0 security update

An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

7.5CVSS5.9AI score0.01176EPSS

OSV•added 2 days ago•2 views

DEBIAN-CVE-2026-53537

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=...,...

3.7CVSS5.9AI score0.00176EPSS

RedHat Linux•added 2 days ago•5 views

Important: Red Hat Security Advisory: .NET 9.0 security update

An update for .NET 9.0 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

7.5CVSS5.9AI score0.01176EPSS

EUVD•added 4 days ago•6 views

EUVD-2026-38096

Capgo Cap-go/capgo before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC function public.recordbuildtime, which is granted to the anon role and callable with only the public Supabase publishable sbpublishable anon key. An unauthenticated attacker...

8.7CVSS6AI score0.00242EPSS

EUVD•added 4 days ago•8 views

EUVD-2026-38101

Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning endpoint trusts as an account-merge key. Attackers can pre-position their account with a victim's corporate SSO email, causing the provision-user endpoin...

8.7CVSS6AI score0.00228EPSS