NVD
added 5 days ago, 8 views

CVE-2026-48764

TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range, allowing for a DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard...

CVSS 8.2, EPSS 0.00271
Exploits 0, References 3
Positive Technologies
added 5 days ago, 11 views

PT-2026-50718

Name of the Vulnerable Software and Affected Versions: jupyter-server versions prior to 2.20.0. Description: The nbconvert HTTP handlers render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy (CSP), which is a security layer that helps...

CVSS 9.3, AI score 6
Exploits 0, References 6
Positive Technologies
added 5 days ago, 11 views

PT-2026-50691

Name of the Vulnerable Software and Affected Versions: Eclipse Theia versions prior to 1.71.0. Description: Files matching the pattern .prompts/.prompttemplate in a workspace are automatically loaded, allowing them to override or extend the AI agent's system prompts. This enables indirect prompt...

CVSS 8.4, AI score 6
Exploits 0, References 9
Tenable Nessus
added 5 days ago, 9 views

Squid < 7.6 Heap-based Buffer Overflow

The version of Squid on the remote host is prior to 7.6. It is, therefore, affected by a heap-based buffer overflow vulnerability:

- Due to an Improper Input Validation bug, Squid is vulnerable to a Heap-based Buffer Overflow attack against cache digests. This problem allows a trusted server to...

AI score 6.1
Exploits 0, References 3
Node JS Blog
added 5 days ago, 95 views

Thursday, June 18, 2026 Security Releases

UPDATE 2026-06-18: Security releases available. Updates are now available for the 26.x, 24.x and 22.x Node.js release lines for the following issues. This security release includes the following dependency updates to address public vulnerabilities: llhttp 9.4....

CVSS 5.3, AI score 4.9
Exploits 0
Positive Technologies
added 5 days ago, 9 views

PT-2026-50741

Summary: Zitadel's OAuth2 / OIDC CodeExchange and RefreshToken implementations omit a critical validation step to ensure that the requesting client matches the client that originally initiated the authorization flow. This violates RFC 6749 Section 4.1.3, which mandates that the authorization serve...

CVSS 7.4, AI score 5.9
Exploits 0, References 6
Positive Technologies
added 5 days ago, 9 views

PT-2026-50813

Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions 6.6 through 9.15. Description: HTML injection is possible in the cloud deployment module. The application propagates exception text from AWS, Azure, and Google SDKs, as well as file-resolution and database-commit exceptions,...

CVSS 4.8, AI score 5.8
Exploits 0, References 7
Positive Technologies
added 5 days ago, 12 views

PT-2026-50644

Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the Personal File Storage (PFS) module. In modules/pfs/inc/pfs.main.php, the file upload action 'a=upload' processes uploaded files without calling cot_check_xg to validate the anti-CSRF token, even though...

CVSS 8.6, AI score 5.4, EPSS 0.00177
Exploits 0, References 2
Positive Technologies
added 5 days ago, 13 views

PT-2026-50646

Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to stored Cross-Site Scripting in the Personal File Storage (PFS) module. A folder title (pff_title) is imported with the 'TXT' filter, which does not strip or encode HTML (the tag check in cot_import is disabled), so an authenticated user can...

CVSS 7.6, AI score 5.2, EPSS 0.00171
Exploits 0, References 2
Positive Technologies
added 5 days ago, 9 views

PT-2026-50815

Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions 6.0 through 9.15. Description: An open redirect exists in the multi-factor authentication (MFA) flow. The MFA validate and register endpoints, specifically '/mfa/validate', process the user-supplied 'next' query or form parameter...

CVSS 5.3, AI score 5.8
Exploits 0, References 6
Positive Technologies
added 5 days ago, 11 views

PT-2026-50736

Impact: Hydro contains an insufficient session expiration vulnerability in its session recreation logic. When a session is recreated, including during logout or other session renewal flows, Hydro creates a new session token but does not delete the previous server-side session token. As a result, a...

CVSS 6.9, AI score 5.4
Exploits 0, References 6
Positive Technologies
added 5 days ago, 11 views

PT-2026-50812

Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions 6.9 through 9.15. Description: In server mode, two state-mutating endpoints in the SQL Editor blueprint are missing the @pga_login_required authentication decorator, allowing them to be accessed without an authenticated sessio...

CVSS 9.5, AI score 6.5
Exploits 0, References 13
Positive Technologies
added 5 days ago, 13 views

PT-2026-50811

Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions 9.13 through 9.15. Description: A read-only transaction bypass exists in the pgAdmin 4 AI Assistant, allowing an attacker who can influence database content read by the assistant to execute arbitrary SQL with the privileges of...

CVSS 9.4, AI score 6.8
Exploits 0, References 9
Positive Technologies
added 5 days ago, 8 views

PT-2026-50816

Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions 1.0 through 9.15. Description: An issue exists in the named restore point endpoint 'POST /browser/server/restore_point/<gid>/<sid>', where the user-supplied value field is interpolated directly into the SQL string using str.format...

CVSS 5.3, AI score 5.9
Exploits 0, References 6
Positive Technologies
added 5 days ago, 11 views

PT-2026-50810

Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions 1.0 through 9.15. Description: SQL injection is possible across multiple dialog templates that render descriptions for Domains, Foreign Tables, Languages, and Event Triggers, as well as the Views OID-lookup query. The issue...

CVSS 8.8, AI score 6.3
Exploits 0, References 8
Positive Technologies
added 5 days ago, 9 views

PT-2026-50621

The PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.3.0 via the 'rule_id' parameter due to missing validation on a user-controlled key. This makes it possible for...

CVSS 4.3, AI score 5.1, EPSS 0.0026
Exploits 0, References 16
Positive Technologies
added 5 days ago, 9 views

PT-2026-50632

Nur-Alam39 bus-ticket (no released versions; latest commit 459cabdbeb99c00225b26e46e3c2c30ae1de7bad) contains an unauthenticated SQL injection vulnerability in bus_info.php. The busid parameter received via HTTP POST is concatenated directly into a MySQL query (select * from bus_info where id=$busid...

CVSS 9.8, AI score 5.8, EPSS 0.00366
Exploits 0, References 2
Positive Technologies
added 5 days ago, 10 views

PT-2026-50790

Name of the Vulnerable Software and Affected Versions: deepstream versions prior to 10.0.5. Description: A Prototype Pollution issue exists in the server, which allows clients and backend services to synchronize data, send messages, and make remote procedure calls (RPCs) at scale. Prototype Pollution...

CVSS 9.9, AI score 5.9
Exploits 0, References 5
Positive Technologies
added 5 days ago, 14 views

PT-2026-50814

Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions 6.0 through 9.15. Description: Stored cross-site scripting exists in the error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server, such as ErrorResponse messages, object names in...

CVSS 9.3, AI score 5.9
Exploits 0, References 9
Packet Storm News
added 5 days ago, 8 views

Multi-View Decompilation for LLM-Based Malware Classification

Malware analysts often inspect compiled binaries through decompiled pseudo-C when source code is unavailable. Recent work suggests that large language models (LLMs) can assist this process by classifying decompiled code as benign or malicious, but existing pipelines typically rely on a single...

AI score 5.9
Exploits 0