CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2 hours ago•3 views

EUVD-2026-38756

ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed connected-components definitions via CLI, causing denial of...

4.8CVSS6AI score

IBM Security Bulletins•added 2 hours ago•8 views

Security Bulletin: Security Vulnerabilities were found in IBM Security Verify Directory (CVE-2018-2799)

Summary Security Vulnerabilities were addressed in IBM Security Verify Directory Vulnerability Details CVEID:CVE-2018-2799 DESCRIPTION: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 7u171,...

5.3CVSS6.3AI score0.15528EPSS

Exploits0Affected Software1

CVE•added 2 days ago•12 views

CVE-2026-52725

Angular CVE-2026-52725 concerns an issue in the @angular/core dynamic component creation flow. The vulnerability allows bypassing script-execution restrictions by mounting a dynamic component directly onto a [removed] tag or namespaced script element when a user-controlled host/selector is suppli...

5.3CVSS6AI score0.00404EPSS

Exploits0References3

EUVD•added 2 days ago•7 views

EUVD-2026-38277

IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker to bypass authentication due to the use of a hardcoded credential in the FlashCopy Manager FCM authentication mechanism. The application contains a...

8.1CVSS6AI score0.00325EPSS

RedhatCVE•added 2 days ago•6 views

CVE-2026-33245

A flaw was found in React Router. This vulnerability, a type of Cross-Site Scripting XSS, affects applications utilizing React Router's unstable React Server Components RSC APIs. A remote attacker could exploit this by sending untrusted redirects, leading to the execution of malicious scripts in...

8CVSS6AI score0.00188EPSS

Exploits0References4

NVD•added 2 days ago•10 views

CVE-2026-44914

Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework authorization did not...

7.5CVSS0.00285EPSS

Cvelist•added 2 days ago•30 views

CVE-2026-44914 Apache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow Contents

7.5CVSS0.00285EPSS

EUVD•added 2 days ago•9 views

EUVD-2026-38219

ATTACKERKB•added 2 days ago•7 views

CVE-2026-44914

Exploits0References2Affected Software1

CVE•added 2 days ago•18 views

CVE-2026-44914

Apache NiFi versions 1.12.0–2.9.0 are vulnerable to missing authorization when replacing Process Groups that include extension components with the Restricted annotation. The Restricted annotation signals higher privileges, but framework authorization did not enforce restricted status during repla...

Exploits0References2Affected Software1

Positive Technologies•added 2 days ago•10 views

PT-2026-51387

Name of the Vulnerable Software and Affected Versions Filament versions 4.0.0 through 4.11.4 Filament versions 5.0.0 through 5.6.4 Description The login page contains a timing discrepancy that enables unauthenticated attackers to perform email enumeration. This allows an attacker to determine if ...

5.3CVSS5.9AI score0.0021EPSS

Exploits0References4

Positive Technologies•added 2 days ago•8 views

PT-2026-51284

Name of the Vulnerable Software and Affected Versions Apache NiFi versions 1.12.0 through 2.9.0 Description Authorization is missing when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation...

CVE•added 6 days ago•63 views

Exploits0References7

CVE-2026-12048

CVE-2026-12048 affects pgAdmin 4 (versions 6.0 up to 9.16). Stored XSS occurs when untrusted server-returned text is passed through html-react-parser in multiple user-facing sinks (toasts, dialogs, explain visualiser, SQL editor prompts, etc.), allowing an attacker-controlled PostgreSQL server to...

9.3CVSS5.4AI score0.00312EPSS

EUVD•added last week•9 views

EUVD-2026-37554

In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.6AI score0.0008EPSS

NVD•added 2026/06/17 1:19 p.m.•7 views

CVE-2026-0019

7.8CVSS0.0008EPSS

CVE•added 2026/06/17 5:53 a.m.•9 views

CVE-2026-0019

CVE-2026-0019 affects SettingsLib and enables a logic-error path that could disable system components, enabling local privilege escalation without extra privileges or user interaction. The issue is classified as Elevation of Privilege (High) in Android 17 release notes; patches are included in An...

7.8CVSS5.6AI score0.0008EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/06/17 5:53 a.m.•26 views

CVE-2026-0019

0.0008EPSS