598 matches found
CVE-2026-13491
A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqttprotocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument sessionid results in denial of service. The...
CVE-2026-13489
The CVE-2026-13489 entry describes a vulnerability in 78 xiaozhi-esp32
PT-2026-52615
Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.0.6. Description: The Custom MCP feature, used for executing OS commands like launching local MCP servers, is unsandboxed. Due to a minimal authentication and authorization model lacking role-based access control, and...
CVE-2026-39999
Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache APISIX: from v2.2 through v3.16.0. Users are recommended to upgrade to version v3.17.0, which...
EUVD-2026-38013
Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache APISIX: from v2.2 through v3.16.0. Users are recommended to upgrade to version v3.17.0, which...
Astra Linux – Vulnerability in Python-Werkzeug
Werkzeug is a comprehensive WSGI web application library. Browsers may allow “nameless” cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on a neighboring subdomain to exploit this to set a cookie like =Host-test=bad for another subdomain...
CVE-2026-39558
Unauthenticated Local File Inclusion in Malmö = 2.2 versions...
SUSE-SU-2026:2418-1 Security update for 389-ds
This update for 389-ds fixes the following issue: Update to 2.2.10git229.1fa7ffdb4: - CVE-2026-9064: unbounded LDAP controls count in getldapmessagecontrolsext can lead to amplified CPU time and heap allocation and a denial of service bsc1265898. Changelog: Issue 7503 - CVE-2026-9064 - Add a limit...
EUVD-2026-36998
Subscriber Broken Access Control in Amelia <= 2.2 versions...
CVE-2026-40789
Unauthenticated Sensitive Data Exposure in Amelia <= 2.2 versions...
CVE-2026-40795
The CVE-2026-40795 entry documents a Broken Access Control issue in the WordPress Amelia plugin, affecting versions <= 2.2. The vulnerability targets subscriber access rights, with the CVSS 3.1 base score of 6.5 (Medium), indicating potential high impact on integrity (I) and no confidentiality...
CVE-2026-40789 WordPress Amelia plugin <= 2.2 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Amelia <= 2.2 versions...
CVE-2026-5079
Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses bracket notation in field names with no limit on nesting depth, allowing an attacker to force allocation of...
CVE-2026-49111
Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...
PT-2026-49432
Subscriber Broken Access Control in Amelia <= 2.2 versions...
PT-2026-49004
Name of the Vulnerable Software and Affected Versions: Nezha Monitoring versions 1.0.0 through 2.1.x. Description: The getRedirectURL function in oauth2.go constructs the OAuth2 callback URL by concatenating the request's Host header with a fixed path without validating the Host header. This allows...
WordPress Masteriyo - LMS plugin <= 2.2.0 - Privilege Escalation vulnerability
WordPress Masteriyo - LMS plugin <= 2.2.0 - Privilege Escalation vulnerability discovered by daroo in WordPress Plugin Masteriyo - LMS versions <= 2.2.0...
EUVD-2026-31860
Bugsink: Project scoping missing in sourcemap and debug-file lookup...
EUVD-2026-31862
Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known...
CVE-2026-42475
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...