
6503 matches found

The Hacker News
added yesterday, 3 views

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user's token and get it, then read email, open files, browse t...

CVSS 7.7, AI score 5.8, EPSS 0.00046
Exploits: 0
Nuclei
added yesterday, 16 views

Odoo Apps - Cross-Site Scripting via Prototype Pollution

jquery-bbq 1.2.1 contains a prototype pollution caused by improperly controlled modification of object prototype attributes, letting malicious users inject properties into Object.prototype, exploit requires malicious user interaction. id: CVE-2021-20086 info: name: Odoo Apps - Cross-Site Scriptin...

CVSS 8.8, AI score 7.3, EPSS 0.49565
Exploits: 1, References: 2
Tenable Nessus
added yesterday, 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-44578

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in...

CVSS 8.6, AI score 5.9, EPSS 0.0581
Exploits: 7, References: 2
Nuclei
added 2 days ago, 14 views

ZimaOS <= v1.2.4 - Sensitive Information Disclosure

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as http:///v1/users/image?path=/var/lib/casaos/1/apporder.json and http:///v1/users/image?path=/var/lib/casaos/1/system.json,...

CVSS 7.5, AI score 5.8, EPSS 0.75825
Exploits: 1, References: 3
Fedora
added 2 days ago, 7 views

[SECURITY] Fedora 43 Update: perl-Catalyst-Plugin-Authentication-0.10026-1.fc43

The authentication plugin provides generic user support for Catalyst apps. It is the basis for both authentication (checking the user is who they claim to be) and authorization (allowing the user to do what the system authorizes them to do)...

CVSS 5.1, AI score 5.8, EPSS 0.00007
Exploits: 0
Fedora
added 2 days ago, 8 views

[SECURITY] Fedora 44 Update: perl-Catalyst-Plugin-Authentication-0.10026-1.fc44

The authentication plugin provides generic user support for Catalyst apps. It is the basis for both authentication (checking the user is who they claim to be) and authorization (allowing the user to do what the system authorizes them to do)...

CVSS 5.1, AI score 5.8, EPSS 0.00007
Exploits: 0
EUVD
added 2 days ago, 7 views

EUVD-2026-33801

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8, AI score 5.9, EPSS 0.00005
Exploits: 0, References: 2
NVD
added 3 days ago, 3 views

CVE-2026-0089

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8, EPSS 0.00005
Exploits: 0, References: 1
CVE
added 3 days ago, 6 views

CVE-2026-0089

The CVE-2026-0089 issue affects the PackageInstallerService.java component and enables installation of unverified apps due to a missing permission check, enabling local privilege escalation with no extra execution privileges required and no user interaction needed. The core impact is local escala...

CVSS 7.8, AI score 5.9, EPSS 0.00005
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 3 days ago, 6 views

CVE-2026-0089

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 5.9, EPSS 0.00005
Exploits: 0, References: 1
Cvelist
added 3 days ago, 21 views

CVE-2026-0089

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EPSS 0.00005
Exploits: 0, References: 1
ATTACKERKB
added 3 days ago, 5 views

CVE-2026-0089

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8, AI score 5.9, EPSS 0.00005
Exploits: 0, References: 2
ATTACKERKB
added 3 days ago, 5 views

CVE-2021-46747

Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to map sensitive SMN (System Management Network) apertures leading to a potential escalation of privileges...

CVSS 7.1, AI score 5.8, EPSS 0.00012
Exploits: 0, References: 3
CVE
added 3 days ago, 13 views

CVE-2021-46747

CVE-2021-46747 involves AMD’s Secure Processor (ASP) and is detailed in AMD’s security bulletins. The issue is described as insufficient granularity of access control in the ASP, which could allow an attacker with an untrusted user-space application to map sensitive SMN (System Management Network...

CVSS 7.1, AI score 5.8, EPSS 0.00012
Exploits: 0, References: 2
Nuclei
added 3 days ago, 35 views

Jordy Meow AI Engine - Unrestricted File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine- ChatGPT Chatbot. This issue affects AI Engine- ChatGPT Chatbot- from n/a through 1.9.98. id: CVE-2023-51409 info: name: Jordy Meow AI Engine - Unrestricted File Upload author: pussycat0x severity: critical...

CVSS 10, AI score 7.3, EPSS 0.92907
Exploits: 4, References: 4
Malwarebytes
added 3 days ago, 9 views

Payment apps are watching what you say (Lock and Code S07E11)

This week on the Lock and Code podcast … In the United States today, you can have your bank account closed, your credit cards cancelled, and your online payments revoked for any number of crimes, like funding terrorism, engaging in money laundering, or violating sanctions. Sensible, right? Well,...

AI score 5.9
Exploits: 0
CNNVD
added 3 days ago, 2 views

Google Android security vulnerabilities

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from insufficient permission checks in multiple functions of PackageInstallerService.java. These vulnerabilities may lead to the installation...

CVSS 7.8, AI score 5.8, EPSS 0.00005
Exploits: 0, References: 1
OSV
added 3 days ago, 5 views

ASB-A-485397908

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8, AI score 5.9, EPSS 0.00005
Exploits: 0, References: 1
Positive Technologies
added 3 days ago, 9 views

PT-2026-45595

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 5.9, EPSS 0.00005
Exploits: 0, References: 2
Snyk
added 6 days ago, 6 views

Malicious Package

Overview: power-apps is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2