CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/06/11 12:0 a.m.•24 views

RHEL 9 : openssl (RHSA-2026:25239)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25239 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

9.1CVSS6AI score0.01409EPSS

Tenable Nessus•added 2026/06/11 12:0 a.m.•4 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenSSL vulnerabilities (USN-8414-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8414-1 advisory. Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An attacker could possibly use...

9.1CVSS6.5AI score0.01409EPSS

Exploits0References16

AlmaLinux•added 2026/06/11 12:0 a.m.•4 views

Important: openssl security update

9.1CVSS5.8AI score0.01409EPSS

OSV•added 2026/06/11 12:0 a.m.•5 views

ALSA-2026:25237 Important: openssl security update

9.1CVSS5.8AI score0.01409EPSS

Packet Storm•added 2026/06/11 12:0 a.m.•29 views

📄 Craft CMS 5.9.5 Missing Authorization / Authentication Bypass

This script is an assessment and exploitation framework targeting a missing authorization vulnerability in affected versions of Craft CMS that may permit unauthorized access to privileged migration functionality. Versions 5.9.5 and below are affected...

7.3CVSS5.5AI score0.00283EPSS

Exploits3

NVD•added 2026/06/10 10:17 p.m.•7 views

CVE-2026-53634

Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints of the Quick Creation Command feature did not enforce any authorization check. An authenticated Sharp user without create permission on a given entit...

4.3CVSS0.00213EPSS

Exploits0References4

NVD•added 2026/06/10 5:16 p.m.•7 views

CVE-2026-46616

Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and 17.4.0, some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious...

6.1CVSS0.0018EPSS

NVD•added 2026/06/10 5:16 p.m.•11 views

CVE-2026-46609

Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is rendered in the confirmation dialog without proper output encoding. This issue has been patched in version 17.4.0...

4.6CVSS0.00136EPSS

EUVD•added 2026/06/10 3:59 p.m.•8 views

EUVD-2026-36070

4.6CVSS5.4AI score0.00136EPSS

Cvelist•added 2026/06/10 3:59 p.m.•24 views

CVE-2026-46609 Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog

4.6CVSS0.00136EPSS

Cvelist•added 2026/06/10 3:56 p.m.•22 views

CVE-2026-46616 Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers

5.4CVSS0.0018EPSS

EUVD•added 2026/06/10 3:56 p.m.•5 views

EUVD-2026-36069

5.4CVSS5.4AI score0.0018EPSS

RedhatCVE•added 2026/06/10 3:0 p.m.•6 views

CVE-2026-47352

Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46,...

5.3CVSS5.5AI score0.00414EPSS

RedhatCVE•added 2026/06/10 3:0 p.m.•7 views

CVE-2026-47348

Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding,...

5.1CVSS5.5AI score0.00467EPSS

RedhatCVE•added 2026/06/10 2:59 p.m.•7 views

CVE-2026-11607

Backend users with access to the Form Framework were able to use files not ending in .form.yaml as form definitions, which were processed without denying the incorrect file extension. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...

7.6CVSS6AI score0.00414EPSS

RedhatCVE•added 2026/06/10 2:59 p.m.•6 views

CVE-2026-47343

Non-privileged backend users with file mount access were able to perform write operations move, delete, rename on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0...

7.2CVSS5.5AI score0.00414EPSS

RedhatCVE•added 2026/06/10 2:59 p.m.•6 views

CVE-2026-49741

Backend users with write access to the formdefinition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations,...

8.7CVSS5.7AI score0.0037EPSS

RedhatCVE•added 2026/06/10 1:34 p.m.•6 views

CVE-2026-42768

A flaw was found in OpenSSL's CMSdecrypt and PKCS7decrypt functions. This vulnerability, a Bleichenbacher-style oracle, could allow a remote attacker to decrypt or sign messages using the victim's private RSA key. Exploitation requires the attacker to provide specially crafted CMS or S/MIME...

6.3CVSS5.4AI score0.00351EPSS

RedhatCVE•added 2026/06/10 1:26 p.m.•5 views

CVE-2026-9076

A flaw was found in OpenSSL. When processing attacker-supplied Cryptographic Message Syntax CMS data using password-based decryption, an attacker can choose a stream-mode Key Encryption Key KEK cipher. This can trigger a heap out-of-bounds read, potentially causing an application crash and leadin...

7.5CVSS5AI score0.00297EPSS