CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/05/12 2:57 a.m.•10 views

Malicious code in @uipath/admin-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c7b3c6e3a941ca923642922773e148ac450c414f24a26637f0a048be65827e7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References6

OSV•added 2026/05/12 2:57 a.m.•4 views

MAL-2026-3524 Malicious code in @uipath/admin-tool (npm)

5.8AI score

Exploits0References6

RedhatCVE•added 2026/05/12 2:27 a.m.•10 views

CVE-2026-40041

Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload,...

5.3CVSS5.8AI score0.00109EPSS

Exploits1References1

Vulnrichment•added 2026/05/12 2:20 a.m.•6 views

CVE-2026-34259 OS Command Injection Vulnerability in SAP Forecasting & Replenishment

8.2CVSS6.1AI score0.00199EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•10 views

PT-2026-40033

A Stored Cross-Site Scripting XSS vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...

5.4CVSS5.8AI score0.00138EPSS

Exploits0References3

Positive Technologies•added 2026/05/12 12:0 a.m.•12 views

PT-2026-39995

Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required...

9.2CVSS5.8AI score0.00239EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•11 views

PT-2026-40398

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...

8.7CVSS5.9AI score0.00606EPSS

7.2CVSS5.9AI score0.01914EPSS

Ivanti Virtual Traffic Manager 操作系统命令注入漏洞

Ivanti Virtual Traffic Manager is a software-based application delivery controller developed by the American company Ivanti. Versions of Ivanti Virtual Traffic Manager prior to 22.9r4 contained an operating system command injection vulnerability. This vulnerability stems from OS command injection...

Positive Technologies•added 2026/05/12 12:0 a.m.•10 views

PT-2026-40370

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS6.2AI score0.00315EPSS

CNNVD•added 2026/05/12 12:0 a.m.•6 views

ChurchCRM 安全漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.3.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation of the CSRF token in the UserEditor.php file, which could allow unauthenticated attackers to gain...

8.8CVSS5.8AI score0.00128EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40369

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

7.2CVSS6.4AI score0.0036EPSS

CNNVD•added 2026/05/12 12:0 a.m.•6 views

WordPress plugin Zawgyi Embed 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00128EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•9 views

PT-2026-40461

Name of the Vulnerable Software and Affected Versions Claris FileMaker Cloud versions prior to 2.22.0.5 Description A Remote Code Execution issue allows a user with Admin Console privileges to inject arbitrary operating system commands. This occurs due to unsanitized input within the External ODB...

7.2CVSS6AI score0.00457EPSS

Exploits0References4

CVE•added 2026/05/12 12:0 a.m.•12 views

CVE-2025-70842

FluentCMS 1.2.3 is affected in its File Management module by a Stored XSS vulnerability. An authenticated administrator can upload crafted SVG files containing malicious JavaScript, and the injected script executes in the browser of any user who accesses the direct URL to the image, including una...

5.4CVSS5.8AI score0.00138EPSS

8CVSS5.8AI score0.0012EPSS

Cleanuparr 访问控制错误漏洞

Cleanuparr is an automated tool developed by Cleanuparr OpenSource, designed to clean up invalid files in the download queue. Versions of Cleanuparr prior to 2.9.10 contained a access control vulnerability. This vulnerability stemmed from the global CORS policy, which reflected the Origin of each...

8.4CVSS5.8AI score0.00135EPSS

Subnet Solutions PowerSYSTEM Center 安全漏洞

Subnet Solutions PowerSYSTEM Center is a power solution offered by Subnet Solutions. There is a security vulnerability present in Subnet Solutions PowerSYSTEM Center. This vulnerability stems from insufficient permission restrictions on the REST API endpoints exported by device accounts. As a...

8.3CVSS5.8AI score0.00558EPSS

Microsoft Windows Admin Center 安全漏洞

Microsoft Windows Admin Center is a browser-based, locally deployed application developed by Microsoft. This tool is primarily used for managing servers and clusters. There are security vulnerabilities in Microsoft Windows Admin Center. Attackers can exploit these vulnerabilities to gain higher...