CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

313 matches found

NVD•added 2026/05/27 11:16 a.m.•10 views

CVE-2026-42732

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Input Data Manipulation.This issue affects Ads by WPQuads: from n/a through = 3.0.2...

6.5CVSS0.00068EPSS

Exploits0References1

Circl•added 2026/05/26 6:30 a.m.•5 views

CVE-2026-48844

creationtimestamp| type| source ---|---|--- 2026-05-26 06:30:12+00:00| seen| https://www.acn.gov.it/portale/w/vulnerabilita-in-roundcube-webmail-3...

7.5CVSS5.7AI score0.00051EPSS

Exploits0References1

Positive Technologies•added 2026/05/22 12:0 a.m.•9 views

PT-2026-42856

A malicious archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar1 rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file write outside of the desired extraction director...

8.2CVSS6AI score

Exploits0References1

vulnersOsv•added 2026/05/07 10:31 p.m.•7 views

aoh (>=1.0.1 <=1.1.0), beratools (=0.2.2) +25 more potentially affected by CVE-2026-8088 via gdal (>=3.0.1 <=3.12.1)

gdal PYPI version =3.0.1, =1.0.1, =0.1.1, =0.0.7, =2.0.1, =0.4.0, =0.2.92, =0.9.2, =0.10.3, =0.4.5, =2.6.0, =2.7.0 - hyp3lib =4.0.1 and more Source cves: CVE-2026-8088 Source advisory: SNYK:PYTHON-GDAL-16535178...

5.5CVSS5.2AI score0.00013EPSS

Exploits1

EUVD•added 2026/05/01 8:36 a.m.•3 views

EUVD-2026-26484

@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file...

5.4CVSS5.8AI score0.00012EPSS

Exploits0References3

CVE•added 2026/04/13 5:15 p.m.•9 views

CVE-2026-28291

CVE-2026-28291 affects the Node.js package simple-git up to version 3.31.1, where an attacker can execute arbitrary commands by abusing Git option parsing. The flaw stems from an incomplete fix for CVE-2022-25860: Git’s flexible option parsing allows combinations such as -vu, -4u, -nu to bypass t...

8.1CVSS7.4AI score0.00156EPSS

Exploits1References5Affected Software1

UbuntuCve•added 2026/04/02 4:16 p.m.•3 views

CVE-2026-34876

An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtlsccmfinish in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized taglen parameter. This is caused by missing validation of t...

7.5CVSS5.8AI score0.00021EPSS

Exploits0References2

Tenable Nessus•added 2026/03/07 12:0 a.m.•8 views

Oracle Linux 8 : nfs-utils (ELSA-2026-3938)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-3938 advisory. - Fix access checks when mounting subdirectories in NFSv3 RHEL-127095 Resolves: CVE-2025-12801 Tenable has extracted the preceding description block directly fr...

6.5CVSS5.9AI score0.00019EPSS

Exploits0References2

ATTACKERKB•added 2026/03/05 12:0 a.m.•3 views

CVE-2025-69534

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

6AI score0.00385EPSS

Exploits1References4

IBM Security Bulletins•added 2026/02/16 9:12 a.m.•6 views

Security Bulletin: OpenSSL stack buffer overflow vulnerability affect IBM Cloud Pak System [CVE-2025-15467]

Summary Stack buffer overflow vulnerability in OpenSSL shipped with OS Image for Red Hat Enterprise Linux System affect IBM Cloud Pak System. Stack buffer overflow that can be exploited by a remote attacker to cause a Denial of Service DoS or potentially allow for remote code execution...

8.8CVSS7.3AI score0.02889EPSS

Exploits7Affected Software4

Positive Technologies•added 2026/02/04 12:0 a.m.•4 views

PT-2026-5813

Name of the Vulnerable Software and Affected Versions GCafé version 3.0 Description GCafé 3.0 contains an unquoted service path vulnerability in the gbClientService. This allows local attackers to potentially execute arbitrary code with elevated privileges. The issue stems from an unquoted path i...

8.5CVSS6.1AI score0.00007EPSS

Exploits0References5

RedhatCVE•added 2026/01/07 9:31 a.m.•6 views

CVE-2019-16725

In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates...

6.1CVSS6AI score0.03926EPSS

Exploits0References1

CISA•added 2025/12/11 12:0 p.m.•7 views

CISA Releases 12 Industrial Control Systems Advisories

CISA released 12 Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-345-01 Johnson Controls iSTAR ICSA-25-345-02 Johnson Controls iSTAR Ultra ICSA-25-345-03 AzeoTech DAQFactor...

6.7AI score

Exploits0References12

EUVD•added 2025/10/07 1:49 p.m.•3 views

EUVD-2025-32856

A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a series of TCP connectio...

5.3CVSS6.3AI score0.001EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-18471

Malware in sbrugna...

6.5CVSS6.6AI score0.00288EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2018-4079

Malware in sbrugna...

4.8CVSS5.1AI score0.00342EPSS

Exploits0References5