CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 3 days ago•9 views

CVE-2026-12799

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

5.3CVSS0.00207EPSS

Cvelist•added 3 days ago•30 views

CVE-2026-12796 BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration

A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...

6.5CVSS0.00283EPSS

NVD•added 2026/06/15 6:16 a.m.•9 views

CVE-2026-12218

A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local...

8.6CVSS0.00371EPSS

CVE•added 2026/06/14 10:15 p.m.•20 views

CVE-2026-12188

Affected software: Grit42 Grit (up to 0.11.0). Vulnerable component: grit_entity_controller.rb (modules/core/backend/app/controllers/concerns/grit/core/grit_entity_controller.rb) within GritEntityController. Issue: SQL injection triggered by manipulating a function in the controller; described as...

6.5CVSS6.4AI score0.00196EPSS

CVE•added 2026/06/12 12:30 p.m.•16 views

CVE-2026-12065

Groww Android app (Groww Stock, Mutual Fund, Gold App) up to 20260805 is affected due to improper authorization in the WebView URL Handler for a custom URL scheme. The issue is located in an unknown part of the WebView URL handling logic and can be triggered on a physical device. Exploitation sta...

1.8CVSS3.8AI score0.00106EPSS

Exploits0References7

ATTACKERKB•added 2026/06/07 10:15 p.m.•6 views

CVE-2026-11463

A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor...

7.5CVSS6.8AI score0.00313EPSS

Exploits0References7Affected Software1

Positive Technologies•added 2026/06/07 12:0 a.m.•11 views

PT-2026-47191

Name of the Vulnerable Software and Affected Versions USCiLab Cereal versions prior to 1.3.3 Description A type confusion issue exists within the Shared Pointer Handler component. A remote attacker can execute a manipulation to trigger this condition, which occurs when a program accesses a resour...

7.5CVSS7.3AI score0.00313EPSS

Exploits0References9

RedhatCVE•added 2026/06/05 7:46 p.m.•6 views

CVE-2026-6592

A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/usermanager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclose...

5.1CVSS3.6AI score0.00253EPSS

RedhatCVE•added 2026/06/05 7:43 p.m.•6 views

CVE-2026-8774

A vulnerability was detected in Edimax BR-6228NC 1.22. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack may be performed from remote. The exploit is now public...

6.5CVSS6.3AI score0.01182EPSS

RedhatCVE•added 2026/06/05 7:32 p.m.•7 views

CVE-2026-6594

A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument proto/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The...

7.5CVSS6.9AI score0.00336EPSS

Positive Technologies•added 2026/06/01 12:0 a.m.•27 views

PT-2026-45268

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handle webhook request of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...

6.9CVSS5.6AI score0.00372EPSS

Exploits0References6

RedhatCVE•added 2026/05/28 2:15 p.m.•10 views

CVE-2026-9466

A vulnerability was determined in Tiandy Easy7 Integrated Management Platform 7.17.0. This issue affects some unknown processing of the file /rest/user/updateUserPassword of the component API Endpoint. Executing a manipulation can lead to weak password recovery. The attack can be executed remotel...

6.9CVSS5.7AI score0.00352EPSS

RedhatCVE•added 2026/05/26 8:14 p.m.•12 views

CVE-2026-9357

A vulnerability was found in vBulletin 6.x. This impacts an unknown function of the component Login. Performing a manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. VulDB is withholding an extended...

5.1CVSS4.3AI score0.00231EPSS

Positive Technologies•added 2026/05/26 12:0 a.m.•9 views

PT-2026-43177

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...

5.3CVSS4.2AI score0.00336EPSS

EUVD•added 2026/05/25 8:0 a.m.•13 views

EUVD-2026-31651

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack...

6.5CVSS6.5AI score0.01364EPSS

NVD•added 2026/05/24 8:16 a.m.•14 views

CVE-2026-9361

A weakness has been identified in Edimax EW-7438RPn 1.12. This affects the function formAccept of the file /goform/formAccep of the component POST Request Handler. This manipulation of the argument submit-url causes command injection. The attack may be initiated remotely. The exploit has been mad...

6.5CVSS0.01158EPSS

NVD•added 2026/05/24 6:16 a.m.•19 views

CVE-2026-9357

5.1CVSS0.00231EPSS

Exploits0References3

Cvelist•added 2026/05/24 3:15 a.m.•17 views

CVE-2026-9351 NousResearch hermes-agent read_file Tool file_tools.py _is_blocked_device path traversal

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function isblockeddevice of the file tools/filetools.py of the component readfile Tool. Performing a manipulation results in path traversal. The attack may be initiated remotely. The...

6.9CVSS0.00676EPSS

EUVD•added 2026/05/23 2:30 p.m.•9 views

EUVD-2026-31541

A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been...

6.5CVSS6.4AI score0.00192EPSS