CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 5 days ago•27 views

CVE-2026-55477 Authenticated Arbitrary File Write via Database Import and Xray Log Path Manipulation

3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...

7.2CVSS0.00342EPSS

EUVD•added 5 days ago•4 views

EUVD-2026-39432

7.2CVSS6.4AI score0.00342EPSS

CVE•added 5 days ago•9 views

CVE-2026-55477

3X-UI before version 3.3.1 is affected. An authenticated administrator can abuse the database import functionality to write arbitrary files on the host by altering Xray configuration values stored in the database, enabling code execution and persistent access as the Xray process user (including r...

7.2CVSS6.4AI score0.00342EPSS

The Hacker News•added 5 days ago•13 views

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code. According to Island, the extension, named Adblock for YouTube ID: cmedhionkhpnakcndndgjdbohmhepckk, has more than 10 million installs and carries a Featured badge ...

6.3AI score

Exploits0

CVE•added 5 days ago•10 views

CVE-2026-56054

CVE-2026-56054 affects the WordPress JS Help Desk plugin (versions <= 3.1.1). The vulnerability allows Arbitrary File Deletion within the plugin, with impact described as high (availability impact) and CVSS 3.1 base score 7.7. The advisory does not provide root cause specifics or remediation s...

7.7CVSS5.8AI score0.0045EPSS

Cvelist•added 5 days ago•31 views

CVE-2026-56054 WordPress JS Help Desk plugin <= 3.1.1 - Arbitrary File Deletion vulnerability

Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...

7.7CVSS0.0045EPSS

EUVD•added 5 days ago•5 views

EUVD-2026-39383

Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...

7.7CVSS5.8AI score0.0045EPSS

8.8CVSS6.6AI score0.00284EPSS

postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory

A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as loexport, loread, lolseek64, and lotell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...

RedHat Linux•added 5 days ago•7 views

Important: Red Hat Security Advisory: perl-IO-Compress security update

An update for perl-IO-Compress is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.3CVSS6.2AI score0.00304EPSS

Exploits2References2

RedHat Linux•added 5 days ago•6 views

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

7.5CVSS7AI score0.01052EPSS

Exploits1References10

RedHat Linux•added 5 days ago•5 views

Moderate: Red Hat Security Advisory: libpng security update

An update for libpng is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Exploits1References2

8.8CVSS6.2AI score0.004EPSS

postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write

RedHat Linux•added 5 days ago•5 views

Moderate: Red Hat Security Advisory: libpng security update

An update for libpng is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability...

7.5CVSS6.5AI score0.01052EPSS

Exploits1References2

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

Exploits1References10

Moderate: Red Hat Security Advisory: libpng security update

An update for libpng is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syste...

Exploits1References2

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

RedHat Linux•added 5 days ago•8 views

Exploits1References10

Important: Red Hat Security Advisory: perl-IO-Compress security update

An update for perl-IO-Compress is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

7.3CVSS6.3AI score0.00304EPSS

Exploits2References2

OSV•added 5 days ago•11 views

SUSE-SU-2026:2628-1 Security update for libzypp

This update for libzypp fixes the following issue - CVE-2026-25707: Handcrafted repo metadata may cause arbitrary local files to be overwritten bsc1259802. - CVE-2026-44942: Fixed possible path traversal attacks via .repo files 'path=' entries bsc1267874...

8.8CVSS5.9AI score0.00329EPSS