CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2014 matches found

CVE-2026-53655

node-tar (node-tar) before version 7.5.16 is vulnerable: it applies a PAX extended header size override to the next header entry, including intermediary L/K/x headers, which desynchronizes the stream cursor from other tar implementations. This yields a tar-parser interpretation differential (CWE-...

6.9CVSS5.9AI score

Exploits0References1

OSV•added 20 hours ago•2 views

UBUNTU-CVE-2026-56378

ImageMagick before 7.1.2-15 and 6.x before 6.9.13-40 contains a heap...

6.3CVSS5.8AI score

Exploits0References3

NVD•added 4 days ago•9 views

CVE-2026-54223

UBB.threads is vulnerable to Path traversal, allowing attackers with privilege to edit templates to read and write any file on the application’s server that application has privileges to, what results in Remote Code Execution. Because vendor contact attempts were unsuccessful, the vulnerability...

8.6CVSS0.00628EPSS

Exploits0References2

ATTACKERKB•added 4 days ago•4 views

CVE-2026-54224

UBB.threads is vulnerable to Denial of Service DoS. By sending multiple concurrent requests to view any user profile on instances with many registered users, an authenticated attacker can easily exhaust database resources and completely deny access to the application for other users. Because vend...

7.1CVSS5.3AI score0.00293EPSS

Exploits0References3

CVE•added 4 days ago•9 views

CVE-2026-54223

UBB.threads is vulnerable to path traversal that allows an attacker with template-edit privileges to read/write arbitrary files on the server, resulting in Remote Code Execution. The vulnerability is confirmed in version 7.7.5 and may affect other versions; no remediation details are provided in ...

8.6CVSS5.5AI score0.00628EPSS

Exploits0References2

EUVD•added 4 days ago•7 views

EUVD-2026-37885

UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials, by manipulating SQL queries...

8.6CVSS5.6AI score0.00305EPSS

Exploits0References2

ATTACKERKB•added 4 days ago•7 views

CVE-2026-54222

8.6CVSS5.6AI score0.00305EPSS

Exploits0References3

CVE•added 4 days ago•14 views

CVE-2026-54221

UBB.threads is affected by a Reflected XSS vulnerability (CVE-2026-54221). The issue is confirmed in version 7.7.5 and may affect other versions. The vulnerability allows an attacker to execute arbitrary JavaScript in a victim’s browser when the user clicks a crafted link, with user interaction r...

5.1CVSS5.8AI score0.00293EPSS

Exploits0References2

CVE•added 4 days ago•12 views

CVE-2026-54220

CVE-2026-54220 : uBB.threads is vulnerable to a Cross-Site Request Forgery (CSRF) due to a lack of protective mechanisms, confirmed in version 7.7.5 and possibly earlier. The flaw allows an attacker to trick an authenticated user into performing unintended actions. The CVSS metrics indicate high ...

8.6CVSS5.2AI score0.00187EPSS

Exploits0References2

Cvelist•added 4 days ago•16 views

CVE-2026-54220 Cross-Site Request Forgery in UBB.threads

uBB.threads is vulnerable to a Cross-Site Request Forgery CSRF due to a lack of protective mechanisms. This allows an attacker to trick an authenticated user into executing unintended actions. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version...

8.6CVSS0.00187EPSS

Exploits0References2

NVD•added 5 days ago•5 views

CVE-2026-46768

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

6CVSS0.00157EPSS

Exploits0References1

NVD•added 5 days ago•5 views

CVE-2026-35275

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Shared Folders. The supported version that is affected is 7.2.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...

7.5CVSS0.0012EPSS

Exploits0References1

OSV•added 5 days ago•3 views

RHSA-2026:26306 Red Hat Security Advisory: redis:7 security update

Bulletin has no description...

8.8CVSS5.3AI score0.0095EPSS

Exploits4References19

Cvelist•added 5 days ago•29 views

CVE-2026-54185 WordPress Cornerstone plugin < 7.8.8 - SQL Injection vulnerability

Subscriber SQL Injection in Cornerstone 7.8.8 versions...

8.5CVSS0.00342EPSS

Exploits0References1

Positive Technologies•added 6 days ago•10 views

PT-2026-50074

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high-privileged attacker with logon access to the infrastructure where the software executes can compromise the system. Th...

3.2CVSS5.8AI score0.00162EPSS

Exploits0References4

Positive Technologies•added 6 days ago•7 views

PT-2026-49902

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high-privileged attacker with access to the infrastructure where the software executes can compromise the system. This may...

6CVSS5.8AI score0.00157EPSS

Exploits0References4

Positive Technologies•added 6 days ago•12 views

PT-2026-50123

Unauthenticated Cross Site Scripting XSS in Enfold = 7.1.4 versions...

7.1CVSS5.2AI score0.00186EPSS

Exploits0References2

EUVD•added last week•5 views

EUVD-2026-36979

Unauthenticated Cross Site Scripting XSS in Coupon Affiliates = 7.5.3 versions...

7.1CVSS5.1AI score0.00175EPSS

Exploits0References2