CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 6 days ago•5 views

CVE-2026-45739

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...

4.3CVSS5.4AI score0.00035EPSS

Positive Technologies•added 6 days ago•8 views

PT-2026-46878

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on .openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI...

5.6AI score0.00041EPSS

ATTACKERKB•added 2026/06/04 2:9 p.m.•4 views

CVE-2026-45739

3.1CVSS5.8AI score0.00035EPSS

Exploits0References6Affected Software1

EUVD•added 2026/05/28 8:59 p.m.•7 views

EUVD-2026-33059

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer's authentication middleware accepts JWT bearer tokens passed...

7.7CVSS5.8AI score0.00059EPSS

Exploits1References1

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в webkit2gtk

“Clear History and Website Data” did not successfully clear the browsing history. The issue was resolved through improved data deletion mechanisms. This issue has been fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3, and iPadOS 14.3, as we...

3.3CVSS6.6AI score0.00033EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в chromium

A heap buffer overflow in the Browser History component of Google Chrome prior to version 112.0.5615.49 allowed a remote attacker who convinced a user to perform certain UI interactions to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

8.8CVSS7.5AI score0.00885EPSS

Positive Technologies•added 2026/05/19 12:0 a.m.•7 views

PT-2026-41972

Name of the Vulnerable Software and Affected Versions Strawberry GraphQL versions 0.288.4 through 0.315.3 Description The bundled GraphiQL template in Strawberry GraphQL writes values from the headers editor into the browser URL query string. This occurs because the strawberry/static/graphiql.htm...

3.1CVSS6AI score0.00035EPSS

Exploits0References9

NVD•added 2026/05/14 5:16 p.m.•8 views

CVE-2025-62317

2.6CVSS0.00026EPSS

EUVD•added 2026/05/14 4:13 p.m.•5 views

EUVD-2025-209857

Cvelist•added 2026/05/14 4:13 p.m.•35 views

CVE-2025-62317 HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters.

2.6CVSS0.00026EPSS

CVE•added 2026/05/14 4:13 p.m.•10 views

CVE-2025-62317

HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters, potentially exposing data through browser history, logs, or intermediary systems. The connected documents confirm the issue but do not provide a remediation or detailed exploit information. CVSS...

ATTACKERKB•added 2026/05/14 4:13 p.m.•4 views

CVE-2025-62317

Exploits0References2Affected Software1

Positive Technologies•added 2026/05/14 12:0 a.m.•10 views

PT-2026-40958

Cvelist•added 2026/05/11 8:32 p.m.•27 views

CVE-2026-43875 WWBN AVideo: Password Hash Leaked in MobileManager OAuth Redirect URL Enables Account Takeover

WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/MobileManager/oauth2.php completes an OAuth login by sending an HTTP 302 Location: oauth2Success.php?user=&pass= where is the victim's stored password hash md5hash"whirlpool", sha1password read directly fro...

6.8CVSS0.0001EPSS

Github Security Blog•added 2026/05/05 7:8 p.m.•8 views

AVideo: Password Hash Leak in MobileManager OAuth Redirect URL Enables Account Takeover

Summary plugin/MobileManager/oauth2.php completes an OAuth login by sending an HTTP 302 Location: oauth2Success.php?user=&pass= where is the victim's stored password hash md5hash"whirlpool", sha1password read directly from the users table. AVideo's own login endpoint objects/login.json.php accept...

6.8CVSS5.8AI score0.0001EPSS

Exploits0References4Affected Software1

OSV•added 2026/05/03 8:58 p.m.•4 views

MAL-2026-3251 Malicious code in puan31 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27d04731b8fc3968b624ec2435d48b09d1afffb46fefb44745c2c8ff31bf4855 During import, package automatically starts a connection to a C2 server, exfiltrates information about the host and data like the browser's history and sensiti...

6AI score

OSV•added 2026/05/03 12:16 p.m.•2 views

MAL-2026-3243 Malicious code in puan3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 531ab02814e67f81e5c82fb57b72d59c3972d0975932f6e9d00ea680040e9a13 During import, package automatically starts a connection to a C2 server, exfiltrates information about the host and data like the browser's history and sensiti...

6AI score