CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16820 matches found

OSV•added 2026/06/02 8:27 p.m.•4 views

ECHO-E514-9869-08FF

Bulletin has no description...

7.7CVSS6.7AI score0.00571EPSS

Exploits0References2

NVD•added 2026/06/02 5:16 p.m.•14 views

CVE-2026-35443

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/classes/ForumPostReactionContext.php only verifies that the caller can view the forum, but it does not re-enforce topic-level viewothertopics authorization. As a result, in forums where users may enter the forum...

5.3CVSS0.00235EPSS

Exploits0References1

OSV•added 2026/06/02 12:6 p.m.•3 views

MINI-WG64-4292-3GVH

Bulletin has no description...

7.1CVSS5.7AI score0.00168EPSS

Exploits0

OSV•added 2026/06/02 6:11 a.m.•5 views

BELL-CVE-2026-46129

Bulletin has no description...

7.8CVSS5.7AI score0.00138EPSS

Exploits0References1

OSV•added 2026/06/02 6:10 a.m.•7 views

BELL-CVE-2026-46242

Bulletin has no description...

7.8CVSS5.7AI score0.00123EPSS

Exploits0References1

RedhatCVE•added 2026/06/02 4:2 a.m.•8 views

CVE-2026-45609

mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol MCP security specifications. Specifically, it processes untrusted...

7.2CVSS5.8AI score0.00198EPSS

Exploits0References1

Positive Technologies•added 2026/06/02 12:0 a.m.•9 views

PT-2026-45878

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4-rc1 Description LibreChat is an enhanced ChatGPT clone supporting multiple AI providers. The Model Context Protocol MCP server integration improperly resolves $VAR placeholders against the server's process.env...

9.6CVSS5.5AI score0.00251EPSS

Exploits1References10

RedhatCVE•added 2026/06/01 4:3 p.m.•12 views

CVE-2026-7459

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

7.5CVSS5.8AI score0.00349EPSS

Exploits0References1

Snyk•added 2026/06/01 10:29 a.m.•5 views

Improper Input Validation

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Improper Input Validation over the /api/jolokia MBeans interface. A user can execute arbitrary code on the broker's...

8.8CVSS7AI score0.87048EPSS

Exploits12References2

Snyk•added 2026/06/01 10:29 a.m.•4 views

Improper Input Validation

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Improper Input Validation over the /api/jolokia MBeans interface. A user can execute arbitrary code on the broker's JVM by invoking operations with...

8.8CVSS7.1AI score0.87048EPSS

Exploits12References2

Snyk•added 2026/06/01 10:29 a.m.•5 views

Improper Input Validation

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Improper Input Validation through the addNetworkConnector function exposed via the Jolokia JMX-HTTP bridge. An attacker can achieve arbitrary code...

8.6CVSS6.2AI score0.00404EPSS

Exploits1References2

Snyk•added 2026/06/01 10:29 a.m.•5 views

Improper Input Validation

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Improper Input Validation through the addNetworkConnector function exposed via the Jolokia JMX-HTTP bridge. An...

8.6CVSS6.2AI score0.00404EPSS

Exploits1References2

NVD•added 2026/06/01 9:16 a.m.•34 views

CVE-2026-42588

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

8.1CVSS0.00404EPSS

Exploits1References2

NVD•added 2026/06/01 9:16 a.m.•9 views

CVE-2026-45505

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

8.8CVSS0.00527EPSS

Exploits0References2

OSV•added 2026/06/01 9:16 a.m.•7 views

UBUNTU-CVE-2026-42588

8.1CVSS6.4AI score0.00404EPSS

Exploits1References5

OSV•added 2026/06/01 9:16 a.m.•7 views

UBUNTU-CVE-2026-45505

8.8CVSS6.6AI score0.87048EPSS

Exploits12References5