CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/05/28 2:15 p.m.•11 views

CVE-2026-9628

A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. This manipulation of the argument PPTP server address/username/password/tunnel name causes stack-based buffer...

9CVSS7.8AI score0.00046EPSS

RedhatCVE•added 2026/05/28 2:15 p.m.•6 views

CVE-2026-9430

A vulnerability was determined in Tenda F1202 1.2.0.20408. Affected by this issue is the function formGstDhcpSetSer of the file /goform/GstDhcpSetSerof. Executing a manipulation of the argument dips can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit...

9CVSS7.9AI score0.00048EPSS

IBM Security Bulletins•added 2026/05/28 1:24 p.m.•7 views

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 3.3 Vulnerability Details CVEID:CVE-2026-40972 DESCRIPTION: An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extrem...

9.8CVSS6.5AI score0.00085EPSS

Exploits0Affected Software1

Vulnrichment•added 2026/05/28 1:5 p.m.•6 views

CVE-2026-8979 Authentication Bypass

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST request to the /operator/operator endpoint...

10CVSS5.8AI score0.00118EPSS

Exploits1References1

RedhatCVE•added 2026/05/28 10:5 a.m.•12 views

CVE-2026-45104

A flaw was found in MapServer. A remote attacker can exploit this vulnerability by sending a specially crafted Styled Layer Descriptor SLD via the Web Map Service WMS SLDBODY parameter. This can lead to a NULL pointer dereference, causing a Denial of Service DoS condition...

7.5CVSS5.8AI score0.00053EPSS

Exploits1References2

ATTACKERKB•added 2026/05/28 9:27 a.m.•7 views

CVE-2026-9813

FlowIntel up to version 3.3.0 contains a server-side request forgery SSRF vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specifi...

6.2CVSS5.8AI score0.00044EPSS

NVD•added 2026/05/28 9:16 a.m.•10 views

CVE-2026-9804

A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link symlink within an exported filesystem Persistent Volume Claim PVC that points...

7.7CVSS0.00029EPSS

NVD•added 2026/05/28 8:16 a.m.•12 views

CVE-2026-6427

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the filtervideos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...

6.4CVSS0.00047EPSS

Exploits0References8

The Hacker News•added 2026/05/28 7:54 a.m.•16 views

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware. "These campaigns leveraged sophisticated social engineering...

6AI score

Exploits0

GithubExploit•added 2026/05/28 6:40 a.m.•63 views

claude-security-scanner

🇨🇳 ⚡ bash git clone https://github.com/290298661...

Snyk•added 2026/05/28 6:0 a.m.•3 views

Exploits0

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the virt-exportserver process. An attacker can access sensitive files from the exporter pod's filesystem by placing a symbolic link within an exported filesystem Persistent Volume Claim PVC that points outside its...

7.7CVSS5.5AI score0.00029EPSS

Snyk•added 2026/05/28 6:0 a.m.•7 views

Symlink Attack

7.7CVSS5.8AI score0.00029EPSS

ATTACKERKB•added 2026/05/28 3:44 a.m.•10 views

CVE-2026-9794

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP Security Assertion Markup Language Enhanced Client or Proxy endpoint with varying client IDs. By observing distinct faultstrings in the...

5.3CVSS5.7AI score0.00038EPSS

Exploits0References3

RedHat Linux•added 2026/05/28 2:21 a.m.•12 views

kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks

A flaw was found in the Linux kernel's XFS filesystem. When adding extended attributes xattrs, which are metadata associated with files, to leaf blocks, incorrect adjustments to the freemap can occur. This inconsistency allows the entries array and free space to overlap, leading to an assertion...

8.8CVSS5.8AI score0.00109EPSS

Exploits0References5

OSSF Malicious Packages•added 2026/05/28 12:0 a.m.•8 views

Malicious code in @cloudplatform-single-spa/svp-agent-backup (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

OSSF Malicious Packages•added 2026/05/28 12:0 a.m.•10 views

Malicious code in @cloudplatform-single-spa/dataplatform-metastore (npm)

OSV•added 2026/05/28 12:0 a.m.•6 views

MAL-2026-4996 Malicious code in @cloudplatform-single-spa/vdi (npm)