CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/06/15 9:30 p.m.•11 views

EUVD-2026-36799

A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...

7.6CVSS6.1AI score0.00238EPSS

Exploits0References3

EUVD•added 2026/06/15 9:30 p.m.•8 views

EUVD-2026-36794

Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute. Attackers can trigg...

8.6CVSS6.3AI score0.00525EPSS

Exploits2References4

EUVD•added 2026/06/15 9:30 p.m.•10 views

EUVD-2026-36771

An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file...

5.8AI score0.00441EPSS

EUVD•added 2026/06/15 9:30 p.m.•7 views

EUVD-2026-36770

An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request...

5.7AI score0.0056EPSS

EUVD•added 2026/06/15 9:30 p.m.•6 views

EUVD-2026-36757

Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...

6.2AI score0.00627EPSS

EUVD•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36759

An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component...

5.9AI score0.00515EPSS

EUVD•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36743

remotion-dev remotion v4.0.409 was discovered to contain a remote code execution RCE vulnerability...

6.1AI score0.0081EPSS

EUVD•added 2026/06/15 9:30 p.m.•6 views

EUVD-2025-210155

An issue was discovered in Rakuten Send Anywhere File Transfer for Android com.estmob.android.sendanywhere 23.2.9. The vulnerability allows untrusted applications with no permissions to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's...

6AI score0.00284EPSS

NVD•added 2026/06/15 9:17 p.m.•5 views

CVE-2026-48836

Unauthenticated Remote Code Execution RCE in Easy Invoice = 2.1.19 versions...

10CVSS0.00572EPSS

NVD•added 2026/06/15 9:16 p.m.•6 views

CVE-2026-39465

Editor Remote Code Execution RCE in Responsive Slider by MetaSlider = 3.106.0 versions...

9.1CVSS0.0068EPSS

GithubExploit•added 2026/06/15 8:58 p.m.•49 views

glibc-static-nss-poc

glibc-static-nss-poc Proof of Concept demonstrating how stati...

6.6AI score

Exploits0

Cvelist•added 2026/06/15 8:54 p.m.•28 views

CVE-2026-48017 DbGate: Remote Code Execution via functionName injection in loadReader endpoint

DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user with basic access, ...

8.8CVSS0.0051EPSS

CVE•added 2026/06/15 8:54 p.m.•32 views

CVE-2026-48017

Summary (CVE-2026-48017) DbGate

8.8CVSS5.9AI score0.0051EPSS

Debian•added 2026/06/15 8:28 p.m.•8 views

[SECURITY] [DSA 6346-1] libreoffice security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6346-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 15, 2026 https://www.debian.org/security/faq -...

6.9CVSS5.7AI score0.00171EPSS

Exploits0

Cvelist•added 2026/06/15 8:18 p.m.•24 views

CVE-2026-48836 WordPress Easy Invoice plugin <= 2.1.19 - Remote Code Execution (RCE) vulnerability

Unauthenticated Remote Code Execution RCE in Easy Invoice = 2.1.19 versions...

10CVSS0.00572EPSS

EUVD•added 2026/06/15 8:18 p.m.•5 views

EUVD-2026-36844

Unauthenticated Remote Code Execution RCE in Easy Invoice = 2.1.19 versions...

10CVSS5.5AI score0.00572EPSS

CVE•added 2026/06/15 8:18 p.m.•26 views

CVE-2026-48836

The CVE-2026-48836 entry concerns the WordPress Easy Invoice plugin (versions ≤ 2.1.19) with an unauthenticated Remote Code Execution (RCE) vulnerability. According to connected sources, an RCE exists in Easy Invoice up to 2.1.19; the Patchstack listing notes a critical CVSS 3.1 vector (AV:N/AC:L...

10CVSS5.5AI score0.00572EPSS

Cvelist•added 2026/06/15 8:17 p.m.•23 views

CVE-2026-39465 WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - Remote Code Execution (RCE) vulnerability

Editor Remote Code Execution RCE in Responsive Slider by MetaSlider = 3.106.0 versions...

9.1CVSS0.0068EPSS