CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 5 days ago•3 views

UBUNTU-CVE-2026-53225

9.1CVSS5.7AI score0.00544EPSS

Exploits0References11

CVE•added 5 days ago•12 views

CVE-2026-53225

The CVE-2026-53225 entry describes a Linux kernel SCTP vulnerability in __sctp_rcv_asconf_lookup() where an unauthenticated peer can send a truncated ASCONF chunk; the code may read 16 bytes of uninitialized memory past the address parameter when the chunk’s length is misdeclared. Affected compon...

9.1CVSS5.7AI score0.00544EPSS

EUVD•added 5 days ago•4 views

EUVD-2026-39316

5.7AI score0.00544EPSS

Cvelist•added 5 days ago•26 views

CVE-2026-53225 sctp: fix uninit-value in __sctp_rcv_asconf_lookup()

9.1CVSS0.00544EPSS

NVD•added 2026/06/09 7:17 p.m.•14 views

CVE-2026-36822

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the macAddr parameter of the formDelStaState function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS0.00309EPSS

CNNVD•added 2026/06/09 12:0 a.m.•12 views

Tenda W20E 安全漏洞

The Tenda W20E is a router produced by the Chinese company Tenda. The version 15.11.0.6 of the Tenda W20E contains a security vulnerability. This vulnerability stems from a buffer overflow in the macAddr parameter of the formDelStaState function, which could allow attackers to cause...

7.5CVSS5.8AI score0.00309EPSS

Vulnrichment•added 2026/06/09 12:0 a.m.•9 views

CVE-2026-36822

5.9AI score0.00309EPSS

CNNVD•added 2026/06/08 12:0 a.m.•14 views

student_management_system 跨站脚本漏洞

studentmanagementsystem is a student information management tool personally developed by Vivek Singh. studentmanagementsystem has a cross-site scripting vulnerability. This vulnerability stems from improper handling of parameters such as name, address, and fname by an unknown function in the...

5.1CVSS4.5AI score0.00199EPSS

Exploits0References2

RedhatCVE•added 2026/06/05 7:39 p.m.•10 views

CVE-2026-7075

A vulnerability was found in itsourcecode Construction Management System 1.0. This issue affects some unknown processing of the file /locations.php. Performing a manipulation of the argument address results in sql injection. It is possible to initiate the attack remotely. The exploit has been mad...

7.5CVSS7AI score0.00254EPSS

RedhatCVE•added 2026/06/05 6:48 p.m.•6 views

CVE-2024-13362

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS5.7AI score0.00276EPSS

CNNVD•added 2026/06/04 12:0 a.m.•7 views

MISP 安全漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions such as analysis of threats to network security and malware analysis. MISP has a security vulnerability...

6.1CVSS5.5AI score0.00223EPSS

ATTACKERKB•added 2026/06/02 8:31 a.m.•10 views

CVE-2026-34906

Server-Side Template Injection SSTI in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution RCE. In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template expressions that are executed ...

9.3CVSS6AI score0.00557EPSS

EUVD•added 2026/05/31 2:30 p.m.•11 views

EUVD-2026-33510

A flaw has been found in Tenda W12 3.0.0.74763. This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

9CVSS7.8AI score0.00476EPSS

Exploits0References6

ATTACKERKB•added 2026/05/28 8:59 p.m.•11 views

CVE-2026-44883

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...

5.8AI score0.00316EPSS

Exploits1References2Affected Software1

CVE•added 2026/05/28 8:59 p.m.•29 views

CVE-2026-44883

Summary: Portainer Community Edition versions 2.33.0–2.33.7.x, 2.39.0–2.39.1.x, and 2.40.x prior to 2.41.0 expose JWTs via the ?token= URL query parameter on any authenticated API endpoint, in addition to the Authorization header. Root cause: The authentication middleware accepted the token from ...

7.7CVSS5.8AI score0.00316EPSS

Exploits1References1Affected Software1

EUVD•added 2026/05/27 9:27 a.m.•10 views

EUVD-2026-32175

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

6.1CVSS6AI score0.00256EPSS

CVE•added 2026/05/27 9:27 a.m.•18 views

CVE-2026-3349

The CVE describes a vulnerability in the MinhNhut Link Gateway plugin for WordPress: a Reflected Cross-Site Scripting issue exploitable via the url parameter on the redirect page, affecting all versions up to and including 3.6.1. The root cause is insufficient input sanitization and output escapi...

6.1CVSS6AI score0.00256EPSS

Cvelist•added 2026/05/17 12:11 p.m.•41 views

CVE-2018-25329 WordPress Plugin WP with Spritz 1.0 Remote File Inclusion

WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attackers can send GET requests to wp.spritz.content.filter.php with malicious url values to access...

8.7CVSS0.00403EPSS