CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/04/28 10:16 p.m.•5 views

CVE-2026-7303

A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improp...

6.3CVSS0.00418EPSS

ATTACKERKB•added 2026/04/28 7:0 p.m.•5 views

CVE-2026-7303

6.3CVSS4.3AI score0.00418EPSS

Exploits0References7Affected Software1

CVE•added 2026/04/28 7:0 p.m.•17 views

CVE-2026-7303

The CVE-2026-7303 affects Xuxueli XXL-Job up to version 3.3.2, specifically the logDetailCat function in JobLogController.java (Execution Log Handler). Manipulating the logId argument can cause improper control of resource identifiers and may be exploitable remotely. Exploitability is described a...

6.3CVSS4.5AI score0.00418EPSS

Cvelist•added 2026/04/28 5:30 p.m.•27 views

CVE-2026-7292 o2oa NodeAgent NodeAgent.java syncFile improper authorization

A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The...

6.3CVSS0.00258EPSS

RedhatCVE•added 2026/04/28 8:35 a.m.•10 views

CVE-2026-7141

A flaw was found in vllm. A remote attacker can exploit a vulnerability in the hasmambalayers function within the KV Block Handler component. By performing a specific manipulation, an uninitialized resource can be triggered, potentially leading to information disclosure or denial of service. The...

6.3CVSS5.1AI score0.00288EPSS

Exploits0References10

Positive Technologies•added 2026/04/28 12:0 a.m.•7 views

PT-2026-35830

5CVSS4.8AI score0.00224EPSS

RedhatCVE•added 2026/04/27 7:23 p.m.•5 views

CVE-2026-7018

A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the...

6.3CVSS5.2AI score0.00338EPSS

Exploits0References1

EUVD•added 2026/04/27 4:45 p.m.•5 views

EUVD-2026-25892

A vulnerability was found in vllm up to 0.19.0. The affected element is the function hasmambalayers of the file vllm/v1/kvcacheinterface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attack is...

6.3CVSS5.4AI score0.00288EPSS

ATTACKERKB•added 2026/04/27 10:0 a.m.•4 views

CVE-2026-7113

A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The manipulation of the argument INSECURENOAUTH results in missing authentication. The attack can be...

6.3CVSS5.1AI score0.00362EPSS

Exploits0References6Affected Software1

EUVD•added 2026/04/27 10:0 a.m.•6 views

EUVD-2026-25818

6.3CVSS4.6AI score0.00362EPSS

Cvelist•added 2026/04/27 10:0 a.m.•31 views

CVE-2026-7113 NousResearch hermes-agent Webhooks Endpoint webhook.py missing authentication

6.3CVSS0.00362EPSS

NVD•added 2026/04/27 9:16 a.m.•3 views

CVE-2026-7103

A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file updateuser.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely. The attack's...

6.3CVSS0.00188EPSS

Vulnrichment•added 2026/04/27 4:0 a.m.•4 views

CVE-2026-7085 HBAI-Ltd Toonflow-app downloadApp Endpoint downloadApp.ts z.url path traversal

A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. This manipulation of the argument url causes path traversal. It is possible to initiate the...

5CVSS5AI score0.00248EPSS

Positive Technologies•added 2026/04/27 12:0 a.m.•4 views

PT-2026-35459

A vulnerability was found in vllm up to 0.19.0. The affected element is the function has mamba layers of the file vllm/v1/kv cache interface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attac...

6.3CVSS5.3AI score0.00288EPSS

Exploits0References8

NVD•added 2026/04/26 1:16 p.m.•7 views

CVE-2026-7041

A vulnerability was detected in 666ghj MiroFish up to 0.1.2. The impacted element is an unknown function of the file /console of the component Werkzeug Debugger PIN Handler. Performing a manipulation of the argument SECRET results in information disclosure. It is possible to initiate the attack...

6.3CVSS0.00412EPSS

Vulnrichment•added 2026/04/26 12:45 p.m.•5 views

CVE-2026-7041 666ghj MiroFish Werkzeug Debugger PIN console information disclosure

6.3CVSS4.6AI score0.00412EPSS