CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 3 days ago•10 views

CVE-2026-48191

CVE-2026-48191 affects STORM modules in OTRS (versions 7.0.x, 8.0.x, 2023.x, 2024.x, 2025.x, and 2026.x prior to 2026.4.x). The vulnerability arises from incorrect handling of permissions in Document Search Article Meta Filters, enabling an attacker to learn the number of affected CIs, SLA and se...

3.5CVSS5.8AI score0.00021EPSS

ATTACKERKB•added 3 days ago•4 views

CVE-2026-48191

3.5CVSS5.8AI score0.00021EPSS

Exploits0References2Affected Software1

CNNVD•added 3 days ago•3 views

OTRS security vulnerabilities

OTRS is a service management solution developed by the German company OTRS. Vulnerabilities exist in versions 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, and 2026.X of OTRS, as well as versions before 2026.4.X. These vulnerabilities stem from improper handling of permissions in the document search...

3.5CVSS5.8AI score0.00021EPSS

NVD•added 6 days ago•8 views

CVE-2026-49386

In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas...

6.5CVSS0.00002EPSS

CVE•added 6 days ago•11 views

CVE-2026-49386

CVE-2026-49386 affects JetBrains YouTrack prior to 2026.1.13570, where an improper access control allows enumeration of restricted issues and articles on Planning Canvas. The issue’s impact is limited to information exposure (enumeration) without indicating broader code execution or data modifica...

6.5CVSS5.8AI score0.00002EPSS

Exploits0References1Affected Software1

Circl•added last week•10 views

CVE-2026-48770

creationtimestamp| type| source ---|---|--- 2026-05-28 12:51:30+00:00| seen| https://www.acn.gov.it/portale/w/notepad-poc-pubblici-per-le-cve-2026-48800-cve-2026-48778-e-cve-2026-48770 2026-06-01 04:52:35+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116673056260872400 2026-06-01...

5.7AI score

Exploits5References3

RedhatCVE•added 2026/05/26 8:14 p.m.•7 views

CVE-2026-9376

A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. The attack may be...

NVD•added 2026/05/24 11:16 a.m.•6 views

CVE-2026-9376

6.5CVSS0.00038EPSS

EUVD•added 2026/05/24 10:45 a.m.•6 views

EUVD-2026-31590

Vulnrichment•added 2026/05/24 10:45 a.m.•4 views

CVE-2026-9376 JPress UCenter Article Submission Endpoint doWriteSave improper authorization

Cvelist•added 2026/05/24 10:45 a.m.•9 views

CVE-2026-9376 JPress UCenter Article Submission Endpoint doWriteSave improper authorization

6.5CVSS0.00038EPSS

CVE•added 2026/05/24 10:45 a.m.•14 views

CVE-2026-9376

CVE-2026-9376 concerns JPress UCenter Article Submission Endpoint (up to 1.0.3). The vulnerable element is an unknown function in /ucenter/article/doWriteSave where manipulating the argument id or userId can lead to improper authorization. The issue can be exploited remotely, and the exploit has ...

CNNVD•added 2026/05/24 12:0 a.m.•4 views

JPress 授权问题漏洞

JPress is a blog platform developed using the Java language by the JPress team. Versions of JPress 1.0.3 and earlier contained an authorization vulnerability. This vulnerability stemmed from improper handling of the parameter id/userId in the UCenter Article Submission Endpoint component, which...

6.5CVSS6.7AI score0.00038EPSS

Positive Technologies•added 2026/05/24 12:0 a.m.•7 views

PT-2026-42936

Microsoft Security Update•added 2026/05/12 5:0 p.m.•112 views

2026-05 Cumulative Update for Windows Server 2022 Datacenter: Azure Edition for x64-based Systems (KB5087545)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

5.8AI score

Exploits0

Circl•added 2026/05/12 3:52 p.m.•6 views

CVE-2026-34329

creationtimestamp| type| source ---|---|--- 2026-05-12 15:52:42+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0141 2026-05-12 16:38:43+00:00| seen| https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review 2026-05-13 01:08:48+00:00| seen|...

8.8CVSS5.7AI score0.00096EPSS

Circl•added 2026/05/12 10:21 a.m.•3 views

CVE-2026-28914

creationtimestamp| type| source ---|---|--- 2026-05-12 10:21:51+00:00| seen| https://www.thezdi.com/blog/2026/5/12/the-apple-macos-security-update-review 2026-05-12 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities20260513 2026-05-26...

5.5CVSS5.7AI score0.00018EPSS

Exploits0References3

RedhatCVE•added 2026/05/11 8:25 p.m.•6 views

CVE-2026-42287

Emlog is an open source website building system. Prior to version 2.6.11, direct SQL injection in article creation and update functions allows attackers to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or system destruction. This issue has been...

10CVSS6.1AI score0.0004EPSS

NVD•added 2026/05/11 6:16 p.m.•5 views

CVE-2026-34094

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

3.8CVSS0.00032EPSS