CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added yesterday•17 views

PHPJabbers Callback Widget v1.0 - Cross-Site Scripting

There is a Cross Site Scripting XSS vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0. id: CVE-2023-40755 info: name: PHPJabbers Callback Widget v1.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | There is a Cross Site Scripting...

6.1CVSS6.3AI score0.01202EPSS

Positive Technologies•added yesterday•7 views

PT-2026-51607

Name of the Vulnerable Software and Affected Versions Poweradmin versions prior to 4.2.4 Poweradmin versions prior to 4.3.3 Description Poweradmin is a web-based DNS administration tool for PowerDNS server. The software uses the attacker-controlled HTTP HOST request header as the authoritative...

9.6CVSS6AI score

Exploits0References7

ATTACKERKB•added 2 days ago•9 views

CVE-2026-6673

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira integration via POST to /ac/installed during the...

6.4CVSS6AI score0.00177EPSS

Exploits0References2Affected Software1

Cvelist•added 2 days ago•32 views

CVE-2026-6673 Mattermost Jira plugin had unauthenticated {{/ac/installed}} lifecycle callback during pending Jira Cloud install

6.4CVSS0.00177EPSS

CVE•added 2 days ago•10 views

CVE-2026-6673

Mattermost Jira plugin (CVE-2026-6673) authenticates poorly during Atlassian Connect install. Affected Mattermost versions (11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x

6.4CVSS6AI score0.00177EPSS

Exploits0References1Affected Software1

EUVD•added 4 days ago•8 views

EUVD-2026-38126

Capgo before 12.128.2 contains an open redirect vulnerability in stripeportal and stripecheckout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for...

4.8CVSS5.9AI score0.00152EPSS

Positive Technologies•added 4 days ago•10 views

PT-2026-51158

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An open redirect issue exists in the 'stripe portal' and 'stripe checkout' endpoints. These endpoints accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers ca...

4.8CVSS5.9AI score0.00152EPSS

Exploits0References7

Cvelist•added 5 days ago•16 views

CVE-2026-12726 Awx: automation-controller: awx: github webhook second-order ssrf via unvalidated statuses_url exfiltrates pat credential

A flaw was found in the AWX GitHub webhook integration. When processing GitHub pullrequest webhooks, the controller stores the pullrequest.statusesurl value from the webhook payload without validating that it points to a trusted GitHub API endpoint. If a job template is configured with a GitHub...

6.3CVSS0.00204EPSS

CVE•added 5 days ago•13 views

CVE-2026-3195

CVE-2026-3195 : In QEMU’s virtio-snd, the heap buffer overflow occurs in the input callback (virtio_snd_pcm_in_cb) due to an incomplete bounds/iov check. The Attackerkb entry reiterates that the function does not verify whether the iov can fit the data buffer, enabling a heap out-of-bounds write....

7.4CVSS5.8AI score0.00112EPSS

ATTACKERKB•added 5 days ago•6 views

CVE-2026-3195

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtiosndpcmincb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...

7.4CVSS5.8AI score0.00112EPSS

Exploits0References3Affected Software6

Cvelist•added 5 days ago•28 views

CVE-2026-3195 Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb (incomplete fix for cve-2024-7730)

7.4CVSS0.00112EPSS

EUVD•added 5 days ago•5 views

EUVD-2026-38043

7.8CVSS7AI score0.00273EPSS

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drivers: perf: marvellcn10k: Fixed a leak in the hotplug callback in tadpmuinit. The tadpmuinit function does not remove the callback added by cpuhpsetupstatemulti when platformdriverregister fails. Remove the callback by usin...

5.4AI score0.00166EPSS

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k: htchst: In the ath9khtcrxmsg function, if there is no callback function, the provided skb is not freed. It is stated that ath9khtcrxmsg either frees the provided skb or passes its management to another callback...

5.2AI score0.00165EPSS

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: si470x: Fix use-after-free in si470xintincallback syzbot reported a use-after-free in si470xintincallback. This indicates that urb-context, which contains a struct si470xdevice object, is freed when si470xintincallback is...

7.8CVSS5.8AI score0.00148EPSS

8.4CVSS7.3AI score0.00255EPSS

Astra Linux – Vulnerability in assimp

A vulnerability exists in assimp v.5.4.3, allowing a local attacker to execute arbitrary code through the CallbackToLogRedirector function within the Assimp library...

Exploits1References2

5.5CVSS4.9AI score0.00222EPSS

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Added a check on the callback function pointer before its call. In dpucoreirqcallbackhandler, the pointer pointing to the callback function is checked to be NULL. However, the callback function is then called...