CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1085639 matches found

OSV•added 2026/06/17 1:54 p.m.•6 views

CGA-2FJG-J4JJ-X26W

Bulletin has no description...

7.5CVSS5AI score0.00263EPSS

Exploits0

F5 Networks•added 2026/06/17 1:45 p.m.•29 views

K000161616: NGINX ngx_http_v3_module vulnerability CVE-2026-42530

Security Advisory Description NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen ...

9.2CVSS6.3AI score0.02391EPSS

Exploits3Affected Software4

EUVD•added 2026/06/17 1:37 p.m.•7 views

EUVD-2026-37707

Improper Control of Generation of Code 'Code Injection' vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21...

7.5CVSS5.4AI score0.00292EPSS

Exploits0References1

Cvelist•added 2026/06/17 1:37 p.m.•31 views

CVE-2026-54816 WordPress Advanced Ads plugin <= 2.0.21 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21...

7.5CVSS0.00292EPSS

Exploits0References1

RedHat Linux•added 2026/06/17 1:24 p.m.•5 views

kernel: netfilter: nf_tables: release flowtable after rcu grace period on error

A flaw was found in the Linux kernel's netfilter component, specifically within the nftables subsystem. An error in releasing a flowtable after an RCU Read-Copy-Update grace period could lead to a use-after-free vulnerability. This issue could expose the flowtable to the packet path and...

7.8CVSS5.8AI score0.00119EPSS

Exploits0References5

NVD•added 2026/06/17 1:20 p.m.•7 views

CVE-2026-49113

Subscriber Arbitrary Code Execution in Cornerstone 7.8.8 versions...

8.5CVSS0.00371EPSS

Exploits0References1

NVD•added 2026/06/17 1:20 p.m.•7 views

CVE-2026-40783

Contributor Remote Code Execution RCE in Blocksy Companion Pro = 2.1.37 versions...

9.9CVSS0.00541EPSS

Exploits0References1

NVD•added 2026/06/17 1:20 p.m.•6 views

CVE-2026-25470

Improper Control of Generation of Code 'Code Injection' vulnerability in ACPT ACPT Pro - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT Pro - Custom Post Types Plugin for WordPress: from n/a through 2.0.47...

10CVSS0.00414EPSS

Exploits0References1

NVD•added 2026/06/17 1:20 p.m.•7 views

CVE-2026-12462

Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.5CVSS0.00271EPSS

Exploits0References2

NVD•added 2026/06/17 1:20 p.m.•8 views

CVE-2026-12466

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00426EPSS

Exploits0References2

NVD•added 2026/06/17 1:20 p.m.•6 views

CVE-2026-12447

Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00417EPSS

Exploits0References2

OSV•added 2026/06/17 1:20 p.m.•5 views

DEBIAN-CVE-2026-12447

8.8CVSS6.3AI score0.00417EPSS

Exploits0References1

NVD•added 2026/06/17 1:19 p.m.•5 views

CVE-2026-12443

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS0.00601EPSS

Exploits0References2

NVD•added 2026/06/17 1:19 p.m.•8 views

CVE-2026-12442

Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS0.00387EPSS

Exploits0References2

OSV•added 2026/06/17 1:19 p.m.•5 views

DEBIAN-CVE-2026-12443

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.00601EPSS

Exploits0References1

OSV•added 2026/06/17 1:19 p.m.•5 views

DEBIAN-CVE-2026-12442

Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.00387EPSS

Exploits0References1

NVD•added 2026/06/17 1:19 p.m.•7 views

CVE-2026-12115

The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level...

6.6CVSS0.00535EPSS

Exploits0References6

NVD•added 2026/06/17 1:19 p.m.•8 views

CVE-2025-59872

HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system command...

9.8CVSS0.00454EPSS

Exploits0References1