
56996 matches found

ATTACKERKB
added 2026/05/14 2:51 p.m. | 5 views

CVE-2026-44482

soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...

CVSS 9.6 | AI score 6 | EPSS 0.00336
Exploits: 0 | References: 2 | Affected Software: 1

Github Security Blog
added 2026/05/14 1:18 p.m. | 10 views

Fleet: IP spoofing allows bypassing API rate limiting

Summary A vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing client IP headers. This may allow brute-force login attempts or other abuse against Fleet instances exposed to the public internet. Impact Fleet extracted client IP...

CVSS 7.5 | AI score 5.8 | EPSS 0.00276
Exploits: 0 | References: 4 | Affected Software: 1

Snyk
added 2026/05/14 1:18 p.m. | 6 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the escapeandappend function in the document-builder API when processing very large input strings on platforms with limited sizet width. An attacker can cause out-of-bounds memory reads, potentially...

CVSS 6.9 | AI score 5.8 | EPSS 0.00279
Exploits: 0 | References: 2

Github Security Blog
added 2026/05/14 1:12 p.m. | 7 views

Strapi Upload Plugin MIME Validation Bypass via Content API

Summary of CVE-2026-22707 Vulnerability Details - CVE: CVE-2026-22707 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N 5.3 — Medium - Affected Versions: @strapi/upload =5.33.3 Description of CVE-2026-22707 In Strapi versions prior to 5.33.3, the Upload plugin's...

CVSS 5.4 | AI score 5.8 | EPSS 0.00195
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/05/14 1:12 p.m. | 1 view

GHSA-PCW7-5633-82VV Strapi Upload Plugin MIME Validation Bypass via Content API

Summary of CVE-2026-22707 Vulnerability Details - CVE: CVE-2026-22707 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N 5.3 — Medium - Affected Versions: @strapi/upload =5.33.3 Description of CVE-2026-22707 In Strapi versions prior to 5.33.3, the Upload plugin's...

CVSS 5.3 | AI score 5.8 | EPSS 0.00195
Exploits: 0 | References: 3

ATTACKERKB
added 2026/05/14 12:37 p.m. | 5 views

CVE-2026-43644

podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...

CVSS 5.4 | AI score 5.7 | EPSS 0.00195
Exploits: 2 | References: 4

EUVD
added 2026/05/14 12:37 p.m. | 8 views

EUVD-2026-30275

podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...

CVSS 5.4 | AI score 5.7 | EPSS 0.00195
Exploits: 2 | References: 3

CVE
added 2026/05/14 12:37 p.m. | 10 views

CVE-2026-43644

CVE-2026-43644 affects podinfo up to version 6.11.2. The vulnerability is a reflected XSS in the /echo and /api/echo endpoints, caused by the echoHandler writing the request body to the response without setting explicit Content-Type or X-Content-Type-Options headers. Go’s content-type detection m...

CVSS 6.1 | AI score 5.7 | EPSS 0.00195
Exploits: 2 | References: 3 | Affected Software: 1

The Hacker News
added 2026/05/14 11:40 a.m. | 12 views

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of its public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing...

CVSS 7.3 | AI score 5.8 | EPSS 0.19037
Exploits: 3

Veracode
added 2026/05/14 10:56 a.m. | 9 views

Path Traversal

org.eclipse.basyx:basyx.sdk is vulnerable to Path Traversal. The vulnerability is due to inadequate path normalization of the fileName parameter in the Submodel HTTP API, which allows an attacker to write arbitrary files to the host filesystem and potentially execute malicious code...

CVSS 10 | AI score 6.2 | EPSS 0.03678
Exploits: 1 | References: 3 | Affected Software: 1

Information Security Automation
added 2026/05/14 10:0 a.m. | 8 views

About Remote Code Execution - Apache ActiveMQ (CVE-2026-34197) vulnerability

About Remote Code Execution - Apache ActiveMQ CVE-2026-34197 vulnerability. Apache ActiveMQ is a popular open-source message broker written in Java. Its main purpose is to send messages between different services, systems, and microservices without a direct connection between them. This...

CVSS 8.8 | AI score 6.8 | EPSS 0.87048
Exploits: 12

UbuntuCve
added 2026/05/14 6:16 a.m. | 4 views

CVE-2026-1322

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a readapi scoped OAuth application to create issues and add comments to issues in private projects due t...

CVSS 8.1 | AI score 5.8 | EPSS 0.00247
Exploits: 0 | References: 4

UbuntuCve
added 2026/05/14 6:16 a.m. | 4 views

CVE-2025-14869

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted payloads on certain API endpoints...

CVSS 7.5 | AI score 5.8 | EPSS 0.00354
Exploits: 0 | References: 4

OSV
added 2026/05/14 6:16 a.m. | 1 view

UBUNTU-CVE-2025-14869

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted payloads on certain API endpoints...

CVSS 7.5 | AI score 5.8 | EPSS 0.00354
Exploits: 0 | References: 5

OSV
added 2026/05/14 6:16 a.m. | 5 views

UBUNTU-CVE-2026-1322

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a readapi scoped OAuth application to create issues and add comments to issues in private projects due t...

CVSS 8.1 | AI score 5.8 | EPSS 0.00247
Exploits: 0 | References: 5

CVE
added 2026/05/14 5:38 a.m. | 15 views

CVE-2025-14869

GitLab CVE-2025-14869 affects GitLab CE/EE versions 18.5–before 18.9.7, 18.10–before 18.10.6, and 18.11–before 18.11.3. It could allow an unauthenticated attacker to cause a denial of service by sending specially crafted payloads to certain API endpoints. CVSSv3.1 base score 7.5 (HIGH), with NETW...

CVSS 7.5 | AI score 5.8 | EPSS 0.00354
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/05/14 5:38 a.m. | 5 views

CVE-2025-14869 Improper Validation of Specified Quantity in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted payloads on certain API endpoints...

CVSS 7.5 | AI score 5.8 | EPSS 0.00354
Exploits: 0 | References: 3

Cvelist
added 2026/05/14 5:38 a.m. | 58 views

CVE-2025-14869 Improper Validation of Specified Quantity in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted payloads on certain API endpoints...

CVSS 7.5 | EPSS 0.00354
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/14 5:36 a.m. | 7 views

CVE-2026-1322 Business Logic Errors in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a readapi scoped OAuth application to create issues and add comments to issues in private projects due t...

CVSS 6.8 | AI score 5.8 | EPSS 0.00247
Exploits: 0 | References: 3

ATTACKERKB
added 2026/05/14 5:36 a.m. | 7 views

CVE-2026-1322

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a readapi scoped OAuth application to create issues and add comments to issues in private projects due t...

CVSS 6.8 | AI score 5.8 | EPSS 0.00247
Exploits: 0 | References: 4 | Affected Software: 1