CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 4 days ago•6 views

CVE-2026-11440

6.5CVSS0.00043EPSS

ATTACKERKB•added 4 days ago•6 views

CVE-2026-11440

6.5CVSS5.2AI score0.00043EPSS

Exploits0References7Affected Software1

CVE•added 4 days ago•17 views

CVE-2026-11440

The CVE-2026-11440 entry pertained to The Onedev onedev up to version 15.0.5. It involves the REST API path /repositories/{projectId}/default-branch where manipulating the project.defaultBranch argument leads to improper authorization. The issue could be exploited remotely. A fix is available in ...

6.5CVSS6.3AI score0.00043EPSS

Vulnrichment•added 4 days ago•3 views

CVE-2026-11440 theonedev REST API default-branch improper authorization

6.5CVSS6.3AI score0.00043EPSS

EUVD•added 4 days ago•7 views

EUVD-2026-34975

6.5CVSS5.2AI score0.00043EPSS

Cvelist•added 4 days ago•24 views

CVE-2026-11440 theonedev REST API default-branch improper authorization

6.5CVSS0.00043EPSS

Positive Technologies•added 4 days ago•7 views

PT-2026-47164

Name of the Vulnerable Software and Affected Versions onedev versions prior to 15.0.6 Description Improper authorization exists in the REST API component. A remote attacker can manipulate the project.defaultBranch argument within the '/repositories/projectId/default-branch' endpoint to bypass...

6.5CVSS6.6AI score0.00043EPSS

Exploits0References9

5.3CVSS3.8AI score0.00013EPSS

CVE-2026-6034

A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Executing a manipulation of the argument BRANCHID can lead to cross site scripting. The attack may be launched remotely. The exploi...

RedhatCVE•added 5 days ago•4 views

CVE-2026-6035

A vulnerability has been found in code-projects Vehicle Showroom Management System 1.0. The affected element is an unknown function of the file /BranchManagement/ServiceAndSalesReport.php. The manipulation of the argument BRANCHID leads to cross site scripting. Remote exploitation of the attack i...

5.3CVSS3.8AI score0.00013EPSS

4.3CVSS5.4AI score0.00024EPSS

CVE-2026-42522

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

RedhatCVE•added 5 days ago•5 views

CVE-2026-8669

Imager versions through 1.030 for Perl allow a heap out of bounds OOB write on crafted multi-frame GIF files. Imager::File::GIF's ireadgifmultilow allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file. The page-match...

6.5CVSS5.7AI score0.00012EPSS

RedhatCVE•added 5 days ago•7 views

CVE-2026-8767

A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an...

7.5CVSS4.9AI score0.00307EPSS

Exploits1References1

RedhatCVE•added 5 days ago•5 views

CVE-2026-7076

A vulnerability was determined in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /editbranch.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed a...

7.5CVSS7AI score0.00043EPSS

6.3CVSS5.5AI score0.00062EPSS

CVE-2026-9806

A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...

RedhatCVE•added 5 days ago•5 views

CVE-2026-6038

A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argument BRANCHID leads to sql injection. The attack may be performed from remote. The exploit is...

7.5CVSS7.1AI score0.00043EPSS

7.5CVSS7AI score0.00014EPSS

CVE-2026-6149

A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Affected by this issue is some unknown functionality of the file /util/BookVehicleFunction.php. Executing a manipulation of the argument BRANCHID can lead to sql injection. The attack may be performed from remote. The...