CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

370 matches found

RedhatCVE•added 2026/06/11 2:59 a.m.•8 views

CVE-2026-9752

An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not...

7.1CVSS5.4AI score0.0027EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 9:2 p.m.•12 views

CVE-2026-48565

Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally...

7.8CVSS7.1AI score0.00432EPSS

Exploits0References1

CVE•added 2026/06/09 5:4 p.m.•15 views

CVE-2026-45453

CVE-2026-45453 affects Microsoft Office SharePoint Server and stems from improper neutralization of input during web page generation, enabling an authorized attacker to perform spoofing over a network via a cross-site scripting (XSS) flaw. The vulnerability involves the web-page generation compon...

5.4CVSS5.4AI score0.0051EPSS

Exploits0References1Affected Software1

CVE•added 2026/06/03 1:28 p.m.•16 views

CVE-2026-47324

ProjectsAndPrograms school-management-system is vulnerable to Stored XSS in multiple attributes of student and teacher objects. An authorized attacker (e.g., a teacher or administrator) can inject malicious JavaScript that executes in other users’ browsers. When chained with CVE-2025-11661 (unaut...

5.1CVSS6.1AI score0.00291EPSS

Exploits0References2

Positive Technologies•added 2026/05/23 12:0 a.m.•12 views

PT-2026-42872

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.4.0 through 2.0.8 Description Authenticated non-admin members can connect to the server-status WebSocket endpoint '/api/v1/ws/server' and receive telemetry for all servers, including those owned by other users. Whil...

6.5CVSS5.2AI score0.0027EPSS

Exploits0References7

CVE•added 2026/05/21 11:43 a.m.•19 views

CVE-2026-45760

Apache Camel K (CVE-2026-45760) contains a cross-namespace build execution vulnerability: authorized users in a Kubernetes namespace can create a Build resource that controls Pod generation in a target namespace, including the operator namespace, via externally controlled resource references and ...

8.1CVSS5.8AI score0.00325EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в xen

Observable discrepancies in response times of some Intel processors may allow authorized users to potentially disclose information through local access...

6.5CVSS6.6AI score0.00372EPSS

Exploits0References1

Snyk•added 2026/05/18 4:23 p.m.•6 views

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS in the content field of the Pages module due to improper sanitization and output encoding. An attacker can execute arbitrary JavaScript in the...

8.7CVSS5.8AI score0.00062EPSS

Exploits0References2

Microsoft CVE•added 2026/05/12 2:0 p.m.•8 views

Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00254EPSS

Exploits0

NVD•added 2026/04/24 12:16 a.m.•5 views

CVE-2026-31952

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to...

8.1CVSS0.00246EPSS

Exploits0References5

ATTACKERKB•added 2026/04/24 12:5 a.m.•2 views

CVE-2026-31952

7.6CVSS5.9AI score0.00246EPSS

Exploits0References6Affected Software1

CVE•added 2026/04/24 12:5 a.m.•8 views

CVE-2026-31952

Vulnerability: CVE-2026-31952 affects Xibo CMS. Versions 1.7–4.4.0 expose an SQL injection in the API routes responsible for Filtering DataSets. An authenticated user with either the Access to DataSet Feature or Access to the Layout Feature privilege can inject crafted values to extract/modify da...

8.1CVSS5.9AI score0.00246EPSS

Exploits0References5Affected Software1

ATTACKERKB•added 2026/04/07 2:12 p.m.•2 views

CVE-2026-5380

An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 5.3...

5.3CVSS5.8AI score0.00196EPSS

Exploits0References3

Positive Technologies•added 2026/04/07 12:0 a.m.•2 views

PT-2026-30875

5.3CVSS5.8AI score0.00196EPSS

Exploits0References3

RedhatCVE•added 2026/03/26 3:4 p.m.•5 views

CVE-2025-40943

Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. The malicious trace file is insufficiently sanitiz...

9.6CVSS6.1AI score0.00458EPSS

Exploits0References1