CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/11 12:0 a.m.•5 views

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.23 had code vulnerabilities. These vulnerabilities stemmed from the bundled plugin setup parser, which loaded setup-api.js from process.cwd. This allowed attackers to execute...

8.4CVSS6.1AI score0.00144EPSS

CNNVD•added 2026/05/11 12:0 a.m.•5 views

Summarize 安全漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.14.1 contain security vulnerabilities. These vulnerabilities stem from the use of default file system permissions for the configuration directory and files of the daemon process. ...

6.9CVSS5.8AI score0.00098EPSS

CNNVD•added 2026/05/11 12:0 a.m.•4 views

Outline 安全漏洞

Outline is an open-source knowledge base developed by Outline. Versions of Outline prior to 1.7.0 contained security vulnerabilities. These vulnerabilities stemmed from the shares.create API, which accepted both collectionId and documentId. When published=false was set, only read access for each...

6.5CVSS5.8AI score0.00211EPSS

Positive Technologies•added 2026/05/11 12:0 a.m.•10 views

PT-2026-39903

Name of the Vulnerable Software and Affected Versions bird-lg-go versions prior to 1.4.5 Description The apiHandler and webHandlerTelegramBot functions process user-provided JSON payloads using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remo...

7.5CVSS5.9AI score0.00441EPSS

Exploits0References6

Positive Technologies•added 2026/05/11 12:0 a.m.•9 views

PT-2026-39717

Name of the Vulnerable Software and Affected Versions Bitwarden Server versions prior to 2026.4.1 Description An issue exists where master-password re-authentication is not required when retrieving or rotating an organization's SCIM API key. This allows an authenticated user with SCIM management...

8.6CVSS5.8AI score0.00504EPSS

Exploits1References10

EUVD•added 2026/05/10 3:31 p.m.•11 views

EUVD-2021-34795

WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the configfile endpoint to achieve remote code...

ATTACKERKB•added 2026/05/10 12:43 p.m.•6 views

Exploits0References4

CVE-2021-47933

Exploits0References3Affected Software1

CVE•added 2026/05/10 12:43 p.m.•10 views

CVE-2021-47933

CVE-2021-47933 affects WordPress MStore API 2.0.6, where an arbitrary file upload vulnerability exists. An unauthenticated attacker can send POST requests to the REST API endpoint and upload PHP files with arbitrary names to the config_file endpoint, enabling remote code execution on the server. ...

Cvelist•added 2026/05/10 12:43 p.m.•29 views

Exploits0References3

CVE-2021-47933 WordPress MStore API 2.0.6 Arbitrary File Upload

9.8CVSS0.00587EPSS

Exploits0References3

Fedora•added 2026/05/10 2:55 a.m.•31 views

[SECURITY] Fedora 44 Update: python-pulp-glue-0.37.0-5.fc44

pulp-glue is a library to ease the programmatic communication with the Pulp3 API. It helps to abstract different resource types with so called contexts and allows to build or even provides complex workflows like chunked upload or waiting on tasks. It is built around an openapi3 parser to provide...

5.5CVSS5.8AI score0.00157EPSS

Fedora•added 2026/05/10 2:55 a.m.•28 views

[SECURITY] Fedora 44 Update: nextcloud-33.0.3-1.fc44

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

9.9CVSS6.5AI score0.01286EPSS

Exploits15

GithubExploit•added 2026/05/10 2:7 a.m.•135 views

Exploit for SQL Injection in Litellm

Threat Intelligence Brief - CVE-2026-42208: BerriAI LiteLLM SQ...

9.8CVSS6.1AI score0.93107EPSS

Exploits6

Positive Technologies•added 2026/05/10 12:0 a.m.•5 views

PT-2026-39509

CNNVD•added 2026/05/10 12:0 a.m.•4 views

Exploits0References4

WordPress plugin MStore API 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.8CVSS6.3AI score0.00587EPSS

Vulnrichment•added 2026/05/09 12:29 p.m.•7 views

CVE-2026-8198 Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity <= 3.3.6 - Unauthenticated Information Disclosure via REST API

The Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin for WordPress is vulnerable to Authentication Bypass to Information Disclosure in versions up to, and including, 3.3.6. This is due to a logic flaw in the verifyAuthorization method where requests without an...

5.3CVSS5.7AI score0.00449EPSS

Exploits0References6

Chainguard•added 2026/05/09 7:17 a.m.•7 views

GHSA-XQ5J-9R39-C3VF vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure-notificationhubs, knative-net-istio-fips, datadog-agent, gatus-fips, crossplane-provider-aws-guardduty, crossplane-provider-aws-secretsmanager-fips, crossplane-provider-aws-sqs-fips, crossplane-provider-aws-cloudwatchevents-fips,...

5.8AI score

Chainguard•added 2026/05/09 7:17 a.m.•10 views

CVE-2026-42499 vulnerabilities

7.5CVSS5.8AI score0.00577EPSS

Chainguard•added 2026/05/09 7:17 a.m.•9 views

CVE-2026-39820 vulnerabilities

7.5CVSS5.8AI score0.00369EPSS