3422 matches found
CVE-2026-41323
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...
CVE-2026-41688
Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname but passes the original hostname to cURL without CURLOPT_RESOLVE pinning on 10 of 11 outbound HTTP endpoints, leaving a DNS...
CVE-2026-45298
Dozzle is a realtime log viewer for Docker containers. Prior to 10.5.2, in a default Dozzle deployment (the documented quickstart, with no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that...
CVE-2026-42294
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the...
CVE-2026-46511
HAX CMS helps manage a microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover...
CVE-2026-42231
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modi...
CVE-2026-2393
A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The create_webhook function in mlflow/server/handlers.py accepts a user-controlled url parameter without validation, and the send_webhook_request function in mlflow/webhooks/delivery.py sends HTTP POST request...
CVE-2026-8431
An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. This issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior...
EUVD-2026-34890
HAX CMS helps manage a microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover...
VulnCheck KEV: CVE-2026-31816
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized middleware that protects every server-side API endpoint can be completely bypassed by appending a webhook path pattern to the query string of any...
GHSA-H524-452V-82P9 vulnerabilities
Vulnerabilities for packages: runc, nri-kubernetes, net-kourier, crossplane-provider-aws-cloudfront, kubernetes-replicator, authservice, spark-operator, mattermost, kubescape-operator, secrets-store-csi-driver, stakater-reloader, cluster-proportional-autoscaler, opentofu, newrelic-infra-operator,...
CVE-2026-42504 vulnerabilities
Vulnerabilities for packages: runc, nri-kubernetes, net-kourier, crossplane-provider-aws-cloudfront, kubernetes-replicator, authservice, spark-operator, mattermost, kubescape-operator, secrets-store-csi-driver, stakater-reloader, cluster-proportional-autoscaler, opentofu, newrelic-infra-operator,...
GHSA-H3GM-Q7M7-MP28 vulnerabilities
Vulnerabilities for packages: litestream, glab, runc, nri-kubernetes, net-kourier, crossplane-provider-aws-cloudfront, kubernetes-replicator, authservice, spark-operator, kubeflow-katib, victoriametrics-cluster, mattermost, aws-flb-cloudwatch, sigstore-scaffolding, bank-vaults, harbor,...
CVE-2026-42507 vulnerabilities
Vulnerabilities for packages: litestream, glab, runc, nri-kubernetes, net-kourier, crossplane-provider-aws-cloudfront, kubernetes-replicator, authservice, spark-operator, kubeflow-katib, victoriametrics-cluster, mattermost, aws-flb-cloudwatch, sigstore-scaffolding, bank-vaults, harbor,...
GHSA-4279-Q6MJ-392R vulnerabilities
Vulnerabilities for packages: litestream, glab, runc, nri-kubernetes, net-kourier, crossplane-provider-aws-cloudfront, kubernetes-replicator, authservice, spark-operator, kubeflow-katib, victoriametrics-cluster, mattermost, aws-flb-cloudwatch, sigstore-scaffolding, bank-vaults, harbor,...
CVE-2026-27145 vulnerabilities
Vulnerabilities for packages: litestream, glab, runc, nri-kubernetes, net-kourier, crossplane-provider-aws-cloudfront, kubernetes-replicator, authservice, spark-operator, kubeflow-katib, victoriametrics-cluster, mattermost, aws-flb-cloudwatch, sigstore-scaffolding, bank-vaults, harbor,...
CVE-2026-42504 vulnerabilities
Vulnerabilities for packages: kubevirt-cdi-apiserver, cilium-certgen, db-operator, timoni, runc, crossplane-provider-aws-guardduty, tekton-pipelines-fips, sonobuoy-fips, longhorn-share-manager, traefik, crossplane-provider-aws-autoscaling-fips, crossplane-provider-aws-emrserverless-fips,...
GHSA-H524-452V-82P9 vulnerabilities
Vulnerabilities for packages: kubevirt-cdi-apiserver, cilium-certgen, db-operator, timoni, runc, crossplane-provider-aws-guardduty, tekton-pipelines-fips, sonobuoy-fips, longhorn-share-manager, traefik, crossplane-provider-aws-autoscaling-fips, crossplane-provider-aws-emrserverless-fips,...
CVE-2026-42507 vulnerabilities
Vulnerabilities for packages: kubevirt-cdi-apiserver, mc-fips, cilium-certgen, db-operator, timoni, runc, moby-ryuk-fips, crossplane-provider-aws-guardduty, tekton-pipelines-fips, sonobuoy-fips, longhorn-share-manager, traefik, crossplane-provider-aws-autoscaling-fips,...