
1107 matches found

RedhatCVE
added yesterday, 3 views

CVE-2026-39835

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

5.3 CVSS, 5.5 AI score, 0.00029 EPSS
Exploits: 0, References: 1
RedhatCVE
added yesterday, 4 views

CVE-2026-41575

In th30d4y/IP from version 1.0.1 to before version 2.0.1, a DOM-Based Cross-Site Scripting (XSS) vulnerability was identified in an IP Reputation Checker application. Unsanitized user input was directly rendered in the browser, allowing attackers to execute arbitrary JavaScript. This issue has been...

6.1 CVSS, 5.8 AI score, 0.00033 EPSS
Exploits: 0, References: 1
RedhatCVE
added yesterday, 2 views

CVE-2026-30810

Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800...

8.8 CVSS, 5.5 AI score, 0.00017 EPSS
Exploits: 0, References: 1
Github Security Blog
added yesterday, 7 views

Klever-Go KVM: Unauthenticated remote node crash (nil-pointer DoS) in klever-go P2P transaction interceptor (txVersionChecker nil RawData) - potential chain halt

Summary: Every transaction gossiped on the klever-go P2P network is decoded and validated synchronously inside the libp2p pubsub topic-validator callback. The validator txVersionChecker.CheckTxVersion dereferences tx.RawData.Version with no nil check. A protobuf Transaction whose embedded RawData...

5.5 AI score
Exploits: 0, References: 3, Affected Software: 1
Nuclei
added yesterday, 15 views

CodeChecker <= 6.24.1 - Authentication Bypass

Authentication bypass occurs when the API URL ends with Authentication, Configuration or ServerInfo. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. id: CVE-2024-10081 info:...

10 CVSS, 5.4 AI score, 0.73908 EPSS
Exploits: 0, References: 3
NVD
added 2 days ago, 6 views

CVE-2026-50076

Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via...

9.1 CVSS, 0.00067 EPSS
Exploits: 0, References: 2
Cvelist
added 2 days ago, 32 views

CVE-2026-50076 Apache Fory: Java ReplaceResolverSerializer deserialization checks bypass

Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via...

0.00067 EPSS
Exploits: 0, References: 1
CVE
added 2 days ago, 11 views

CVE-2026-50076

CVE-2026-50076 affects the Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM. The issue is a deserialization flaw in the Java replace-resolve path that allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and to invoke classpath-present readResolve/r...

9.1 CVSS, 5.8 AI score, 0.00067 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2 days ago, 9 views

PT-2026-46269

Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via...

9.1 CVSS, 5.8 AI score, 0.00067 EPSS
Exploits: 0, References: 3
Packet Storm News
added 3 days ago, 2 views

Description-Code Inconsistency in Real-World MCP Servers: Measurement, Detection, and Security Implications

The Model Context Protocol (MCP) has emerged as a critical standard empowering Large Language Models (LLMs) to utilize external tools. In this ecosystem, LLMs rely on natural language descriptions provided by MCP servers to select and execute functions. This interaction implicitly assumes that tool...

6 AI score
Exploits: 0
OSV
added 4 days ago, 3 views

OPENSUSE-SU-2026:20892-1 Security update for yq

This update for yq fixes the following issues: Changes in yq: - Fix multiple CVEs: CVE-2026-27136 GO-2026-5030 CVE-2026-25681 GO-2026-5029 CVE-2026-25680 GO-2026-5028 CVE-2026-42502 GO-2026-5027 CVE-2026-42506 GO-2026-5025 bsc1267053 CVE-2026-39821 GO-2026-5026 bsc1267199 - update to v4.53.2 Add...

9.6 CVSS, 5.9 AI score, 0.00061 EPSS
Exploits: 1, References: 17
GithubExploit
added 4 days ago, 69 views

Exploit for CVE-2026-46243

CIFSwitch Checker - CVE-2026-46243 Checker para Linux que p...

7.8 CVSS, 5.8 AI score, 0.00016 EPSS
Exploits: 4
GithubExploit
added 4 days ago, 126 views

Exploit for CVE-2026-46243

CIFSwitch Checker - CVE-2026-46243 Checker para Linux que p...

7.8 CVSS, 5.8 AI score, 0.00016 EPSS
Exploits: 4
NVD
added 2026/05/28 9:16 a.m., 14 views

CVE-2026-9015

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

4.3 CVSS, 0.00046 EPSS
Exploits: 0, References: 10
ATTACKERKB
added 2026/05/28 7:43 a.m., 9 views

CVE-2026-9015

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

4.3 CVSS, 5.8 AI score, 0.00046 EPSS
Exploits: 0, References: 11
Vulnrichment
added 2026/05/28 7:43 a.m., 6 views

CVE-2026-9015 Equalize Digital Accessibility Checker <= 1.42.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Accessibility Issue Modification via edac_insert_ignore_data AJAX Action

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

4.3 CVSS, 5.8 AI score, 0.00046 EPSS
Exploits: 0, References: 10
CVE
added 2026/05/28 7:43 a.m., 7 views

CVE-2026-9015

The CVE-2026-9015 entry concerns the WordPress plugin Equalize Digital Accessibility Checker (WCAG/ADA/EAA/Section 508) with versions

4.3 CVSS, 5.8 AI score, 0.00046 EPSS
Exploits: 0, References: 10
Positive Technologies
added 2026/05/28 12:0 a.m., 5 views

PT-2026-44220

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

4.3 CVSS, 5.8 AI score, 0.00046 EPSS
Exploits: 0, References: 11
CNNVD
added 2026/05/28 12:0 a.m., 7 views

WordPress plugin Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3 CVSS, 5.8 AI score, 0.00046 EPSS
Exploits: 0, References: 10
Github Security Blog
added 2026/05/27 9:3 p.m., 9 views

Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims

Description: OidcTokenHandler is Symfony's built-in access-token handler for OpenID Connect: it validates a bearer JWT and returns the authenticated user identity. It delegates claim validation to the web-token/jwt-checker library's ClaimCheckerManager. OidcTokenHandler::verifyClaims registers...

5.8 AI score
Exploits: 0, References: 6, Affected Software: 2