CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Drupal•added yesterday•2 views

TacJS - Moderately critical - Improper Access Control - SA-CONTRIB-2026-040

This module enables sites to comply with the European cookie law using tarteaucitron.js. The module doesn't sufficiently filter user-supplied markup inside of content leading to an attacker being able to delete arbitrary cookies. This vulnerability is mitigated by the fact that an attacker needs ...

5.9AI score

RedhatCVE•added 2 days ago•5 views

CVE-2026-48136

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...

Nuclei•added 3 days ago•15 views

WP GDPR Compliance < 1.4.3 - Unauthenticated Call Any Action or Update Any Option

The WP GDPR Compliance plugin allows unauthenticated users to execute any action and update any database value. This vulnerability is due to the lack of proper validation in the Includes/Ajax.php file. id: CVE-2018-19207 info: name: WP GDPR Compliance 1.4.3 - Unauthenticated Call Any Action or...

9.8CVSS7.4AI score0.91843EPSS

Exploits4References2

Github Security Blog•added 2026/05/27 10:57 p.m.•12 views

compliance-trestle Remote Fetching Mechanism has an Arbitrary File Write via Cache Path Traversal

Summary The compliance-trestle library's remote fetching cache mechanism HTTPSFetcher and SFTPFetcher constructs the local cache file path from the URL path component without sanitizing path traversal sequences ../. When a remote OSCAL profile references a URL with traversal in its path, the HTTP...

6.4AI score

Exploits0References4Affected Software1

NVD•added 2026/05/27 6:16 p.m.•5 views

CVE-2026-44378

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

7.5CVSS0.00055EPSS

Packet Storm News•added 2026/05/27 12:0 a.m.•6 views

Relevance As a Vulnerability: How Web Retrieval Degrades Safety Alignment in LLM Agents

AI agents augment large language models with external tools such as web retrieval, enabling grounded and up-to-date responses. However, incorporating external content into the generation pipeline can weaken the safety alignment mechanisms that govern model outputs. Prior work shows that enabling...

5.8AI score

Packet Storm News•added 2026/05/27 12:0 a.m.•6 views

S3C2 Summit 2025-07: Government Secure Supply Chain Summit

Software supply chains, while providing immense economic and software development value, are only as strong as their weakest link. Over the past several years, there has been an exponential increase in cyberattacks specifically targeting vulnerable links in critical software supply chains. The...

5.8AI score

EUVD•added 2026/05/26 9:54 p.m.•8 views

EUVD-2026-32016

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS5.8AI score0.00353EPSS

Exploits2References7

NVD•added 2026/05/26 2:16 p.m.•10 views

CVE-2026-48136

4.1CVSS0.00056EPSS

Cvelist•added 2026/05/26 12:57 p.m.•35 views

CVE-2026-48136 Authenticated Administrator Role-Based Access Control Bypass in Compliance

4.1CVSS0.00056EPSS

CVE•added 2026/05/26 12:57 p.m.•12 views

CVE-2026-48136

CVE-2026-48136 affects Check Point Multi-Domain Management where, when Compliance is enabled, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata for Compliance Best Practices in another CMA where they have no access, effectively bypassi...

Vulnrichment•added 2026/05/26 12:57 p.m.•3 views

CVE-2026-48136 Authenticated Administrator Role-Based Access Control Bypass in Compliance

ATTACKERKB•added 2026/05/26 12:57 p.m.•5 views

CVE-2026-48136

EUVD•added 2026/05/26 12:57 p.m.•6 views

EUVD-2026-31823

Positive Technologies•added 2026/05/26 12:0 a.m.•6 views

PT-2026-43240

CNNVD•added 2026/05/26 12:0 a.m.•5 views

Check Point Multi-Domain Management 安全漏洞

Check Point Multi-Domain Management is a centralized security management platform provided by Check Point Israel. Check Point Multi-Domain Management has a security vulnerability. This vulnerability arises from the fact that when compliance is enabled in the multi-domain management system, verifi...

GithubExploit•added 2026/05/24 10:27 a.m.•51 views

FortressWAF

FortressWAF — Web Application Firewall !Licensehttps://im...

5.9AI score

CheckPoint Security•added 2026/05/24 12:0 a.m.•7 views

CVE-2026-48136 - Authenticated Administrator Role-Based Access Control Bypass in Compliance

Symptoms - When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access...