CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added yesterday•15 views

CVE-2026-12163 Stored XSS in Fortra File Integrity Monitoring (FIM)

5.5CVSS

CVE•added yesterday•7 views

CVE-2026-12163

Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored XSS in the Asset View UI. An authenticated user capable of creating/modifying affected node or database configuration fields can store script content that is rendered as HTML when Asse...

5.5CVSS5.7AI score

ATTACKERKB•added yesterday•2 views

CVE-2026-12163

5.5CVSS5.7AI score

NVD•added 3 days ago•7 views

CVE-2026-56384

Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without permission to view a target private asset can call the endpoint with an attacker-controlled assetId and receive preview HTML containing a signed fallback transform preview...

5.3CVSS0.00193EPSS

EUVD•added 3 days ago•6 views

EUVD-2026-38179

Craft CMS versions = 5.0.0-RC1, = 4.0.0-RC1, = 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. The action does not enforce per-asset view authorization before returning preview content, allowing an authenticated low-privileged user to supply a controlled assetId for an...

5.3CVSS5.9AI score0.00221EPSS

CVE•added 3 days ago•12 views

CVE-2026-56384

Craft CMS has a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without permission to view a private asset can call the endpoint with an attacker-controlled assetId and receive preview HTML containing a signed fallback transform preview link for that...

5.3CVSS5.9AI score0.00193EPSS

EUVD•added 3 days ago•5 views

EUVD-2026-38178

5.3CVSS5.9AI score0.00193EPSS

ATTACKERKB•added 3 days ago•3 views

CVE-2026-56384

5.3CVSS5.9AI score0.00193EPSS

Exploits0References4

Github Security Blog•added 5 days ago•14 views

@jhb.software/payload-cloudinary-plugin: Arbitrary Cloudinary API Parameter Signing

Arbitrary Cloudinary API Parameter Signing in @jhb.software/payload-cloudinary-plugin Summary @jhb.software/payload-cloudinary-plugin v0.3.4 exposes a server-side signing endpoint POST /api/cloudinary-generate-signature that passes attacker-supplied paramsToSign directly to...

6.1AI score

Exploits0References2Affected Software1

NVD•added 5 days ago•8 views

CVE-2026-48089

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create,...

7.1CVSS0.00235EPSS

CVE•added 5 days ago•20 views

CVE-2026-48089

CVE-2026-48089 affects DevGuard. Before patch 1.4.2, an authenticated user, including from other orgs with no membership, could write and manage VEX rules and related vulnerability-triage endpoints on assets marked public. The root cause is improper authorization for public assets, enabling write...

7.1CVSS5.9AI score0.00235EPSS

NVD•added 5 days ago•7 views

CVE-2026-49288

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and content for resources they don't have permission to view, including entries, assets, users, roles, groups, and other configured resources...

4.3CVSS0.00162EPSS

CVE•added 5 days ago•18 views

CVE-2026-49288

Statamic CMS patch for CVE-2026-49288 fixes a missing authorization on Control Panel fieldtype endpoints that allowed an authenticated CP user to view restricted metadata and content (entries, assets, users, roles, groups, etc.). The issue could disclose titles, custom field values, entry content...

4.3CVSS5.8AI score0.00162EPSS

Tenable Nessus•added 6 days ago•6 views

Siemens (CVE-2025-49794)

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...

9.1CVSS6.6AI score0.00669EPSS

Tenable Nessus•added 6 days ago•7 views

Siemens RUGGEDCOM RST2428P Stack-based Buffer Overflow (CVE-2025-6170)

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare...

2.5CVSS6.5AI score0.0019EPSS

NVD•added 2026/06/17 10:54 a.m.•8 views

CVE-2026-46932

Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

7.1CVSS0.0036EPSS

NVD•added 2026/06/17 10:54 a.m.•6 views

CVE-2026-46931

Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.6-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

8.8CVSS0.00402EPSS

Positive Technologies•added 2026/06/16 12:0 a.m.•10 views

PT-2026-50035

8.8CVSS5.3AI score0.00402EPSS