CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 3 days ago•20 views

CVE-2026-45505

CVE-2026-45505 details a Code Injection vulnerability in Apache ActiveMQ components (Broker/All/ActiveMQ) where non-standard Jolokia discovery wrappers (e.g., masterslave:vm://, static:vm://) bypass the fix for CVE-2026-34197. An authenticated attacker could abuse Jolokia’s JMX-HTTP bridge at /ap...

8.8CVSS6.4AI score0.001EPSS

Exploits0References2Affected Software2

Cvelist•added 3 days ago•47 views

CVE-2026-45505 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass

0.001EPSS

Nuclei•added 6 days ago•71 views

Apache Solr <= 7.1 - XML Entity Injection

Apache Solr with Apache Lucene before 7.1 is susceptible to remote code execution by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external...

9.8CVSS7.7AI score0.93891EPSS

Exploits11References5

Fedora•added 6 days ago•6 views

[SECURITY] Fedora 43 Update: perl-Sereal-5.005-1.fc43

Sereal is an efficient, compact-output, binary and feature-rich serialization protocol. The Perl encoder is implemented as the Sereal::Encoder module, the Perl decoder correspondingly as Sereal::Decoder. This Sereal module is a very thin wrapper around both Sereal::Encoder and Sereal::Decoder. It...

5.8AI score

Exploits0

SUSE CVE•added 6 days ago•5 views

SUSE CVE-2026-46169

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value by validating catalog record size Syzbot reported a KMSAN uninit-value issue in hfsplusstrcasecmp. The root cause is that hfsbrecread doesn't validate that the on-disk record size matches the expected si...

5.8AI score0.00024EPSS

Cvelist•added last week•27 views

CVE-2026-49237 Local Privilege Escalation in Canonical Multipass

An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries multipass, qemu-img, qemu-system-aarch64,...

7.8CVSS0.00011EPSS

Exploits1References1

EUVD•added last week•8 views

EUVD-2026-32796

5.8AI score0.00024EPSS

Exploits0References5

CVE•added last week•6 views

CVE-2026-46169

CVE-2026-46169 relates to the Linux kernel hfsplus subsystem. The issue arises when mounting a corrupted HFS+ filesystem, where hfs_brec_read() may read a smaller on-disk record than expected and leave most of the destination structure uninitialized, triggering a KMSAN warning in hfsplus_strcasec...

5.8AI score0.00024EPSS

Exploits0References5

Cvelist•added last week•22 views

CVE-2026-46169 hfsplus: fix uninit-value by validating catalog record size

0.00024EPSS

Exploits0References5

NVD•added last week•7 views

CVE-2026-4334

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the shariff shortcode in all versions up to, and including, 4.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS0.0004EPSS

Vulnrichment•added last week•5 views

CVE-2026-4334 Shariff Wrapper <= 4.6.20 - Authenticated (Contributor+) Cross-Site Scripting

Cvelist•added last week•23 views

CVE-2026-4334 Shariff Wrapper <= 4.6.20 - Authenticated (Contributor+) Cross-Site Scripting

6.4CVSS0.0004EPSS

EUVD•added last week•8 views

EUVD-2026-32750

CVE•added last week•8 views

CVE-2026-4334

The CVE-2026-4334 entry concerns the Shariff Wrapper WordPress plugin (versions up to 4.6.20) with a Stored XSS risk. The issue stems from insufficient input sanitization and output escaping in the [shariff] shortcode’s headline parameter, where a custom wp_kses with permissive HTML and a post-sa...

ATTACKERKB•added last week•5 views

CVE-2026-4334

CNNVD•added 2026/05/28 12:0 a.m.•4 views

Exploits0References7

WordPress plugin Shariff Wrapper 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.7AI score0.0004EPSS

OSSF Malicious Packages•added 2026/05/27 11:53 p.m.•4 views

Malicious code in rogiant-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0c659d6e1e7b9bbbbb7b808196db4231a5eb1a62fe91827fc02fd708b92728b5 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

6AI score

Exploits0References9

Patchstack•added 2026/05/27 7:48 p.m.•7 views

WordPress Shariff Wrapper plugin <= 4.6.20 - Authenticated (Contributor+) Cross-Site Scripting vulnerability

Authenticated Contributor+ Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Shariff Wrapper versions = 4.6.20...

6.4CVSS5.8AI score0.0004EPSS

Exploits0References1Affected Software1

Snyk•added 2026/05/27 5:41 p.m.•3 views

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via the deprecated twigarraysome, twigarrayevery, and twigcheckarrowinsandbox helper functions. An attacker can bypass the sandbox callback...

4.2CVSS5.8AI score