CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12330 matches found

CVE-2026-4821

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields such as httpproxy. Exploitation o...

8.1CVSS5.9AI score0.00014EPSS

Exploits0References1

RedhatCVE•added last week•6 views

CVE-2026-48027

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...

9.8CVSS5.4AI score0.32065EPSS

Exploits1References1

RedhatCVE•added last week•6 views

CVE-2026-8360

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface in various DLLs i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll can return a NULL pointer i.e., when no user is logged into the Triofox Server Agent Management Console. The returned NULL pointer is not checked before being...

7.5CVSS5.5AI score0.00053EPSS

Exploits0References1

RedhatCVE•added last week•5 views

CVE-2026-8111

SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution...

8.8CVSS6AI score0.00354EPSS

Exploits0References1

OSV•added last week•4 views

BIT-ACTIVEMQ-2026-42253 Apache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...

6.1CVSS5.4AI score0.00236EPSS

Exploits0References3

Fedora•added last week•12 views

[SECURITY] Fedora 43 Update: cockpit-362-1.fc43

The Cockpit Web Console enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more...

8CVSS5.8AI score0.00275EPSS

Exploits0

RedhatCVE•added 2026/06/05 12:10 a.m.•7 views

CVE-2026-36176

GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs PUT requests in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface...

7.1CVSS5.8AI score0.00007EPSS

Exploits0References1

Tenable Nessus•added 2026/06/05 12:0 a.m.•5 views

Security Update for Microsoft Visual Studio Code Nx-Console Extension (CVE-2026-48027)

The Microsoft Visual Studio Code Nx-Console Extension is version 18.95.0. It is, therefore, affected by an embedded malicious code vulnerability. The compromised extension fetched an obfuscated payload that could harvest credentials from multiple sources on disk and in memory. Note that Nessus ha...

9.8CVSS5.6AI score0.32065EPSS

Exploits1References3

Cvelist•added 2026/06/04 7:26 p.m.•27 views

CVE-2026-41249 CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.re...

8.2CVSS0.00116EPSS

Exploits0References3

NVD•added 2026/06/04 3:16 p.m.•6 views

CVE-2026-36174

GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface...

4.6CVSS0.00019EPSS

Exploits0References3

NVD•added 2026/06/04 3:16 p.m.•8 views

CVE-2026-36176

7.1CVSS0.00007EPSS

Exploits0References3

Vulnrichment•added 2026/06/04 12:0 a.m.•3 views

CVE-2026-36174

5.5AI score0.00019EPSS

Exploits0References3

EUVD•added 2026/06/04 12:0 a.m.•7 views

EUVD-2026-34277

5.8AI score0.00019EPSS

Exploits0References3

CVE•added 2026/06/04 12:0 a.m.•7 views

CVE-2026-36174

CVE-2026-36174 affects GNCC GP5 v7.1.76, where sensitive wireless network information is stored in plaintext during routine serial console operations. The issue enables physically proximate attackers to retrieve credentials by monitoring the serial UART interface. The CVSS vector (AV:P/AC:L/PR:N/...

4.6CVSS5.8AI score0.00019EPSS

Exploits0References3