CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

570 matches found

CVE-2026-34460

NamelessMC (Minecraft server website software) is affected in versions up to 2.2.4 where the OAuth callback handling does not validate the state parameter server‑side before exchanging the authorization code. This can let an attacker capture a valid OAuth callback URL for their own account and ca...

5.4CVSS5.8AI score0.00014EPSS

Exploits0References1

CVE•added 2 days ago•4 views

CVE-2026-33398

NamelessMC 2.2.4 is affected by an insecure access control in modules/Forum/pages/forum/get_quotes.php, which only checks that a caller is logged in and reads a post by an attacker-controlled post ID. The backend helper in modules/Forum/classes/Forum.php does not enforce forum or topic ACLs, allo...

7.1CVSS5.8AI score0.00038EPSS

Exploits0References1

Cvelist•added 2 days ago•30 views

CVE-2026-4071 BirdSeed <= 2.2.0 - Cross-Site Request Forgery via BirdSeed Token Change

The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseedpluginsettingspage function. The function processes the 'birdseedtoken' GET parameter and saves it to the database via...

4.3CVSS0.00013EPSS

Exploits0References5

Positive Technologies•added 2 days ago•7 views

PT-2026-45801

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...

5.3CVSS5.9AI score0.00042EPSS

Exploits0References2

RedHat Linux•added last week•8 views

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.28.0 Release.

Red Hat OpenShift Dev Spaces 3.28.0 has been released. Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. The 3.28 release is based on...

10CVSS7AI score0.00175EPSS

Exploits19References41

Vulnrichment•added last week•4 views

CVE-2026-45017 Python Liquid: Absolute paths escape filesystem loader search path

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.0009EPSS

Exploits0References1

EUVD•added 2026/05/27 3:38 p.m.•5 views

EUVD-2026-32569

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization header at all, and...

10CVSS5.8AI score0.00058EPSS

Exploits1References4

CVE•added 2026/05/27 9:49 a.m.•9 views

CVE-2026-42729

CVE-2026-42729 documents a DOM-based Cross-Site Scripting (XSS) vulnerability in the WordPress PropertyHive plugin, specifically in versions <= 2.2.2. The root cause is described as improper neutralization of input during web page generation. Affected product: PropertyHive (WordPress plugin); ...

7.1CVSS5.8AI score0.00036EPSS

Exploits0References1

EUVD•added 2026/05/26 4:23 p.m.•6 views

EUVD-2026-31862

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiring those issues to belong to that project. This...

3.1CVSS5.8AI score0.00029EPSS

Exploits0References2

EUVD•added 2026/05/26 4:16 p.m.•5 views

EUVD-2026-31860

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink resolved sourcemaps and debug files by debug ID without scoping that lookup to the project that owned the uploaded metadata. An authenticated user with access to one project could cause event processing in that project to use...

4.3CVSS5.8AI score0.00028EPSS

Exploits0References2

ATTACKERKB•added 2026/05/26 3:50 p.m.•3 views

CVE-2025-36145

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...

5.4CVSS5.8AI score0.00028EPSS

Exploits0References2Affected Software1

Snyk•added 2026/05/23 1:44 p.m.•4 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the PathSwitchRequest process. An attacker can cause memory corruption by sending specially crafted requests remotely to the affected component. Remediation Upgrade github.com/omec-project/amf/nas/nassecurity to versi...

6.5CVSS6.6AI score0.00052EPSS

Exploits0References2

CNNVD•added 2026/05/21 12:0 a.m.•4 views

Netatalk 操作系统命令注入漏洞

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.2.1 to 4.4.2 of Netatalk contained a vulnerability related to operating system command injection. This vulnerability...

3CVSS5.9AI score0.00025EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в python-werkzeug

Werkzeug is a comprehensive WSGI web application library. Browsers may allow “nameless” cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on a neighboring subdomain to exploit this to set a cookie like =Host-test=bad for another subdomain...

3.5CVSS6.6AI score0.00267EPSS

Exploits0References2

Github Security Blog•added 2026/05/18 6:31 a.m.•2 views

AMF Vulnerable to Improper Resource Shutdown or Release

A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicl...

5.3CVSS5.4AI score0.00017EPSS

Exploits0References9Affected Software1

Snyk•added 2026/05/18 5:31 a.m.•1 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the UERadioCapabilityCheckResponse function in the dispatcher.go file. An attacker can cause a denial of service by sending specially crafted remote requests that trigger a null pointer dereference...

5.3CVSS5.8AI score0.00017EPSS

Exploits0References2

NVD•added 2026/05/18 4:16 a.m.•10 views

CVE-2026-8783

5.3CVSS0.00017EPSS

Exploits0References7

Snyk•added 2026/05/18 3:47 a.m.•2 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made available to the...

5.3CVSS5.4AI score0.00052EPSS

Exploits0References2

Snyk•added 2026/05/18 3:47 a.m.•2 views

NULL Pointer Dereference

5.3CVSS5.4AI score0.00052EPSS

Exploits0References2

Snyk•added 2026/05/18 3:47 a.m.•3 views

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds via an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation leads to memory corruption. The attack may be initiated remotely. The exploit is publicly available and might b...

5.3CVSS5.5AI score0.00052EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by