CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/26 12:0 a.m.•5 views

IBM Cloud Pak for Data System SQL注入漏洞

IBM Cloud Pak for Data System is an enterprise data and AI integration platform provided by IBM. Version 11.3.0.2 of IBM Cloud Pak for Data System, as well as the Interim Fix 002, contain a SQL injection vulnerability. This vulnerability allows for SQL injection attacks, potentially enabling remo...

9.8CVSS5.9AI score0.00049EPSS

Cloud Foundry•added 2026/05/26 12:0 a.m.•3 views

CVE-2026-41704 - Compromised VM can make arbitrary blobstore deletes | Cloud Foundry

MEDIUM CVSS 4.0 Score: 6.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:H CVSS 3.1 Score: 5.0 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N Vendor Cloud Foundry Foundation Versions Affected Severity is MEDIUM unless otherwise noted. BOSH Director – All versions prior to v282.1.12...

6.8CVSS6AI score0.00011EPSS

Exploits0

CNNVD•added 2026/05/26 12:0 a.m.•5 views

IBM Cloud Pak for Data System 安全漏洞

IBM Cloud Pak for Data System is an enterprise data and AI integration platform provided by IBM. The version 11.3.0.2 of IBM Cloud Pak for Data System, as well as the Interim Fix 002, contain security vulnerabilities. These vulnerabilities stem from the use of default passwords during the...

7.5CVSS5.8AI score0.00044EPSS

Positive Technologies•added 2026/05/26 12:0 a.m.•6 views

PT-2026-43260

A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal...

7.5CVSS6.8AI score0.00116EPSS

Exploits0References5

EUVD•added 2026/05/25 9:40 p.m.•8 views

EUVD-2026-31758

Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce Subscription Products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through 2.14.0...

ATTACKERKB•added 2026/05/25 9:40 p.m.•5 views

CVE-2026-24527

Vulnrichment•added 2026/05/25 9:40 p.m.•6 views

Exploits0References2

CVE-2026-24527 WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.14.0 - Broken Access Control vulnerability

CVE•added 2026/05/25 9:40 p.m.•15 views

CVE-2026-24527

The CVE-2026-24527 entry covers a Missing Authorization (Broken Access Control) vulnerability in WordPress Autoship Cloud for WooCommerce Subscription Products, affecting versions up to 2.14.0. Root cause is misconfigured access control security levels, enabling potential unauthorized access. CVS...

Cvelist•added 2026/05/25 9:40 p.m.•20 views

CVE-2026-24527 WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.14.0 - Broken Access Control vulnerability

4.3CVSS0.00029EPSS

Patchstack•added 2026/05/25 9:39 p.m.•11 views

WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.14.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Autoship Cloud for WooCommerce Subscription Products versions = 2.14.3...

Exploits0Affected Software1

NVD•added 2026/05/25 8:16 p.m.•8 views

CVE-2026-9498

A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...

6.5CVSS0.00046EPSS

CVE•added 2026/05/25 8:0 p.m.•15 views

CVE-2026-9498

Technical details are not publicly available in the provided documents. Monitor for updates.

EUVD•added 2026/05/25 8:0 p.m.•8 views

EUVD-2026-31733

ATTACKERKB•added 2026/05/25 8:0 p.m.•7 views

CVE-2026-9498

Exploits0References4Affected Software1

Cvelist•added 2026/05/25 8:0 p.m.•18 views

CVE-2026-9498 Dromara lamp-cloud Message Template GroovyClassLoader.parseClass special elements used in a template engine

6.5CVSS0.00046EPSS

Vulnrichment•added 2026/05/25 8:0 p.m.•7 views

CVE-2026-9498 Dromara lamp-cloud Message Template GroovyClassLoader.parseClass special elements used in a template engine

NVD•added 2026/05/25 3:16 p.m.•15 views

CVE-2026-9464

A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit h...

5.8CVSS0.00043EPSS

NVD•added 2026/05/25 3:16 p.m.•18 views

CVE-2026-47076

Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackneyurl:normalize/2 URL-decodes the host component after the URL has been parsed into a hackneyurl record. OTP's uristring:parse/1 and inet:parseaddress/1 do not decode percent-escapes in the host, so ...

6.9CVSS0.00014EPSS

Exploits1References4

OSSF Malicious Packages•added 2026/05/25 2:16 p.m.•9 views

Malicious code in tempo-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ad4276e2eafbe6d7040f94ac546ec20e7ac211e1e5906964c25f581a519d183 [email protected] is a dependency-confusion attack package. The package.json preinstall hook executes poc.js, which on every npm install harvests...

5.8AI score