CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2 days ago•5 views

CVE-2026-20171

A vulnerability in the Border Gateway Protocol BGP enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a denial of service DoS condition...

6.8CVSS5.5AI score0.00039EPSS

RedhatCVE•added 2 days ago•6 views

CVE-2026-22154

An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3,...

5.4CVSS4.9AI score0.00033EPSS

RedhatCVE•added 2 days ago•5 views

CVE-2026-3820

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...

7.2CVSS5.9AI score0.00072EPSS

RedhatCVE•added 2 days ago•4 views

CVE-2026-5617

The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handlereturntoadmin function trusting a client-controlled cookie oclauporiginaladmin to determine which user to authenticate as, without any server-side...

8.8CVSS5.5AI score0.00054EPSS

RedhatCVE•added 2 days ago•5 views

CVE-2026-46840

Vulnerability in Oracle REST Data Services component: Backend-as-a-Service. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in...

10CVSS5.4AI score0.00114EPSS

Exploits1References1

ATTACKERKB•added 2 days ago•4 views

CVE-2026-45749

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The POST /users/totp/disable and POST /users/totp/backup-codes endpoints in Termix prior to version 2.3.2 accept the account password as a sole authentication factor for MFA-critical...

8.1CVSS5.5AI score0.00057EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2 days ago•8 views

NocoDB: OAuth Authorization Code Race Condition

Summary Two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct valid accesstoken, refreshtoken pair, breaking the single-use guarantee that PKCE relies on. Details The token-exchange flow read isused and called markAsUsed as an unconditional upda...

5.6AI score

Exploits0References3Affected Software1

ATTACKERKB•added 3 days ago•7 views

CVE-2026-3820

7.2CVSS6.2AI score0.00072EPSS

Exploits0References2Affected Software1

EUVD•added 3 days ago•6 views

EUVD-2026-34226

7.2CVSS6.2AI score0.00072EPSS

SUSE CVE•added 3 days ago•5 views

SUSE CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

6.3CVSS6.1AI score0.0004EPSS

Exploits1References3

Positive Technologies•added 3 days ago•9 views

PT-2026-46158

7.2CVSS6.2AI score0.00072EPSS

Snyk•added 4 days ago•6 views

Malicious Package

Overview chai-as-type is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Snyk•added 4 days ago•5 views

Malicious Package

Overview chai-as-json is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Snyk•added 4 days ago•5 views

Malicious Package

Overview chai-as-commited is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Snyk•added 4 days ago•3 views

Malicious Package

Overview chai-as-patch is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Snyk•added 4 days ago•6 views

Malicious Package

Overview chai-as-listened is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Snyk•added 4 days ago•3 views

Malicious Package

Overview chai-as-belonged is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

RedhatCVE•added 4 days ago•5 views

CVE-2026-9334

A flaw was found in perl-Cpanel-JSON-XS. This vulnerability allows a remote attacker to cause a denial of service DoS by providing specially crafted JSON input with duplicate object keys. When the dupkeysasarrayref option is enabled, the decodehv function incorrectly processes the input, leading ...

7.3CVSS5.8AI score0.00037EPSS