
86960 matches found

VulnCheck KEV
added 2026/05/13 12:00 a.m., 42 views

VulnCheck KEV: CVE-2026-41176

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

CVSS 9.8, AI score 5.8, EPSS 0.34525
In the wild; Exploits 1; References 21
ATTACKERKB
added 2026/05/13 12:00 a.m., 7 views

CVE-2025-27852

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a reflected cross site scripting XSS attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level access to the device is...

AI score 5.7, EPSS 0.0014
Exploits 0; References 3
Positive Technologies
added 2026/05/13 12:00 a.m., 9 views

PT-2026-40618

Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=add_user endpoint with POST requests...

CVSS 5.1, AI score 5.7, EPSS 0.0014
Exploits 0; References 4
CNNVD
added 2026/05/13 12:00 a.m., 9 views

ELECOM WAB code issue vulnerability

ELECOM WAB is a series of wireless access points produced by the ELECOM company in Japan. ELECOM WAB has a code vulnerability that stems from the lack of checking whether the language parameter has an appropriate value. This vulnerability may cause administrator pages to be displayed incorrectly ...

CVSS 5.1, AI score 6.2, EPSS 0.00207
Exploits 0; References 1
Vulnrichment
added 2026/05/13 12:00 a.m., 6 views

CVE-2025-27852

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a reflected cross site scripting XSS attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level access to the device is...

AI score 5.7, EPSS 0.0014
Exploits 0; References 2
Positive Technologies
added 2026/05/13 12:00 a.m., 12 views

PT-2026-40767

Name of the Vulnerable Software and Affected Versions Trust Protection Foundation affected versions not specified Description A SQL injection allows an authenticated attacker to execute arbitrary SQL commands against the product database. This could enable the attacker to read sensitive data,...

CVSS 8.6, AI score 6.1, EPSS 0.00248
Exploits 0; References 4
Positive Technologies
added 2026/05/13 12:00 a.m., 12 views

PT-2026-40812

Name of the Vulnerable Software and Affected Versions CubeCart versions prior to 6.7.0 Description The admin orders-transactions listing page at 'admin.php?_g=orders&node=transactions' constructs a raw ORDER BY SQL fragment using the sort array from the $_GET variable without validating the colum...

CVSS 4.9, AI score 6.1, EPSS 0.00239
Exploits 0; References 4
CVE
added 2026/05/13 12:00 a.m., 13 views

CVE-2025-27852

CVE-2025-27852 affects Garmin WDU’s locally served web UI (v1.1.4.6 and v2.5.0) exposing a reflected XSS flaw in the web interface. The vulnerability allows an attacker on the same local network to trigger arbitrary JavaScript execution within the WDU page by visiting a specific URL and then clic...

CVSS 5, AI score 5.7, EPSS 0.0014
Exploits 0; References 2; Affected Software 1
Positive Technologies
added 2026/05/13 12:00 a.m., 11 views

PT-2026-40813

Name of the Vulnerable Software and Affected Versions CubeCart versions 6.6.x through 6.7.1 Description CubeCart builds the CC_STORE_URL constant directly from the Host request header during bootstrap without using an allowlist. This constant is embedded into transactional email links, specifical...

CVSS 8.1, AI score 5.8, EPSS 0.00147
Exploits 0; References 4
CNNVD
added 2026/05/13 12:00 a.m., 12 views

CubeCart cross-site scripting vulnerability

CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.6.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site scripting flaw, which could allow attackers with administrative privileges to inject...

CVSS 4.8, AI score 5.6, EPSS 0.00173
Exploits 0; References 1
Positive Technologies
added 2026/05/13 12:00 a.m., 13 views

PT-2026-40621

Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, th...

CVSS 8.7, AI score 5.8, EPSS 0.00356
Exploits 0; References 4
Positive Technologies
added 2026/05/13 12:00 a.m., 13 views

PT-2026-40804

CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting XSS vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...

CVSS 4.8, AI score 5.8, EPSS 0.00173
Exploits 0; References 2
Cvelist
added 2026/05/13 12:00 a.m., 32 views

CVE-2025-27852

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a reflected cross site scripting XSS attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level access to the device is...

EPSS 0.0014
Exploits 0; References 2
Positive Technologies
added 2026/05/13 12:00 a.m., 14 views

PT-2026-40747

Name of the Vulnerable Software and Affected Versions Prisma Browser affected versions not specified Description A race condition allows a locally authenticated non-admin user to bypass specific access and data control policies. A race condition is a situation where the system's substantive...

CVSS 5.8, AI score 5.8, EPSS 0.00173
Exploits 0; References 4
Tenable Nessus
added 2026/05/13 12:00 a.m., 7 views

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A stored cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated...

CVSS 6.9, AI score 5.7, EPSS 0.0028
Exploits 0; References 2
Tenable Nessus
added 2026/05/13 12:00 a.m., 13 views

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS software enable an authenticated administrator t...

CVSS 8.6, AI score 6, EPSS 0.01336
Exploits 0; References 2
NVD
added 2026/05/12 11:16 p.m., 21 views

CVE-2026-42289

ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission updates entirely through $_POST parameters with no CSRF token validation. An unauthenticated attacker can craft a malicious HTML page that, when visited by an...

CVSS 8.8, EPSS 0.00128
Exploits 0; References 1
NVD
added 2026/05/12 11:16 p.m., 15 views

CVE-2026-43685

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5...

CVSS 7.2, EPSS 0.00457
Exploits 0; References 1
NVD
added 2026/05/12 11:16 p.m., 19 views

CVE-2026-43680

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...

CVSS 7.2, EPSS 0.00461
Exploits 0; References 1
CVE
added 2026/05/12 10:24 p.m., 15 views

CVE-2026-43680

CVE-2026-43680 describes a remote code execution in Claris FileMaker Cloud where an Admin Console user could bypass a front-end restriction on OS Script schedule types and run arbitrary OS commands on the host. Documented impact suggests total compromise with HIGH confidentiality, integrity, and ...

CVSS 7.2, AI score 6.1, EPSS 0.00461
Exploits 0; References 1; Affected Software 1