CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9651 matches found

CVE•added 2026/06/10 5:34 p.m.•7 views

CVE-2026-50570

Fission prior to v1.25.0 allowed tenant-created Function/Environment CRDs to request securityContext.capabilities.add: ["SYS_TIME"] despite a fixed denylist (SYS_ADMIN, NET_ADMIN, SYS_PTRACE, SYS_MODULE, DAC_READ_SEARCH, DAC_OVERRIDE). The validation/merge-layer sanitization did not block CAP_SYS...

8.5CVSS5.5AI score0.00274EPSS

Exploits0References3

RedhatCVE•added 2026/06/10 3:0 p.m.•5 views

CVE-2026-4058

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the usersubscriptioncancel function in all versions up to, and including, 4.3.2. Thi...

4.3CVSS5.5AI score0.00165EPSS

Exploits0References1

NVD•added 2026/06/10 2:16 p.m.•5 views

CVE-2024-58350

Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiti...

4CVSS0.0011EPSS

Exploits0References2

Cvelist•added 2026/06/10 12:36 p.m.•32 views

CVE-2024-58350 Ghidra < 11.2 - Use After Free in Sleigh Backend via Static Initialization Order

2.9CVSS0.0011EPSS

Exploits0References2

NVD•added 2026/06/10 7:16 a.m.•16 views

CVE-2026-9067

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...

9.1CVSS0.00256EPSS

Exploits1References1

CVE•added 2026/06/10 6:0 a.m.•24 views

CVE-2026-9067

The CVE-2026-9067 affects the Schema & Structured Data for WP & AMP WordPress plugin prior to 1.60. The vulnerability stems from frontend AJAX file-upload handlers that do not enforce user capabilities and do not validate the uploaded content against the endpoint’s intended media type, allowing u...

9.1CVSS5.5AI score0.00256EPSS

Exploits1References1

Positive Technologies•added 2026/06/10 12:0 a.m.•7 views

PT-2026-48553

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate post dismiss notice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicate post show notice site option,...

5.1CVSS5.2AI score0.00104EPSS

Exploits0References3

Positive Technologies•added 2026/06/10 12:0 a.m.•5 views

PT-2026-48402

2.9CVSS5.5AI score0.0011EPSS

Exploits0References3

CNNVD•added 2026/06/10 12:0 a.m.•2 views

National Security Agency Ghidra 安全漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Versions of National Security Agency Ghidra prior to version 11.2 contained security vulnerabilities. These vulnerabilities were caused by an undefined static initialization...

4CVSS5.4AI score0.0011EPSS

Exploits0References1

CNNVD•added 2026/06/10 12:0 a.m.•3 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of inclusion of CAPSYSTIME in the capability checks during PodSpec security validation. As a result, tenan...

8.5CVSS5.5AI score0.00274EPSS

Exploits0References1

NVD•added 2026/06/09 10:16 a.m.•13 views

CVE-2026-46748

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected system includes a binary that is configured with the capdacoverride capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access...

8.8CVSS0.00206EPSS

Exploits0References1

NVD•added 2026/06/09 10:16 a.m.•9 views

CVE-2026-4058

4.3CVSS0.00165EPSS

Exploits0References2

Cvelist•added 2026/06/09 9:28 a.m.•35 views

CVE-2026-4058 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.2 - Missing Authorization to Authenticated (Subscriber+) Subscription Pack Cancellation

4.3CVSS0.00165EPSS

Exploits0References2

EUVD•added 2026/06/09 9:28 a.m.•9 views

EUVD-2026-35388

4.3CVSS5.5AI score0.00165EPSS

Exploits0References2

CVE•added 2026/06/09 9:28 a.m.•16 views

CVE-2026-4058

The CVE-2026-4058 entry concerns the WordPress plugin “User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration”. A missing capability check in user_subscription_cancel() across all versions up to 4.3.2 allows authenticated users with Subscriber-level ac...

4.3CVSS5.5AI score0.00165EPSS

Exploits0References2

Vulnrichment•added 2026/06/09 9:28 a.m.•5 views

4.3CVSS5.5AI score0.00165EPSS

Exploits0References2

Vulnrichment•added 2026/06/09 8:46 a.m.•5 views

CVE-2026-46748

8.8CVSS5.5AI score0.00206EPSS

Exploits0References1

CVE•added 2026/06/09 8:46 a.m.•16 views

CVE-2026-46748

CVE-2026-46748 affects SINEC INS (all versions

8.8CVSS5.5AI score0.00206EPSS

Exploits0References1Affected Software1

EUVD•added 2026/06/09 8:46 a.m.•8 views

EUVD-2026-35385

8.8CVSS5.5AI score0.00206EPSS

Exploits0References1

Vulnrichment•added 2026/06/09 6:0 a.m.•7 views

CVE-2026-8981 Lazy Blocks < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML

The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfilteredhtml capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOWUNFILTEREDHTML defined to inject...

5.7AI score0.00142EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by