CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/14 6:32 p.m.•1 views

MAL-2026-3747 Malicious code in @aiscene/aiserver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 542fdb1c23b52adda0ed5164b65c9768aef7a5edd45473f9cd3ceab3065b1bb3 When the installed aiserver tool is started via its bin, npm start, or loading dist/index.js, it registers the host with a hardcoded remote controlle...

6.1AI score

Exploits0References2

OSSF Malicious Packages•added 2026/05/14 6:32 p.m.•6 views

Malicious code in @aiscene/aiserver (npm)

6.1AI score

Exploits0References2

Circl•added 2026/05/14 6:0 p.m.•4 views

CVE-2026-41217

creationtimestamp| type| source ---|---|--- 2026-05-14 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/f5-products-multiple-vulnerabilities20260515...

8.3CVSS5.8AI score0.00026EPSS

EUVD•added 2026/05/14 4:8 p.m.•7 views

EUVD-2026-30324

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show...

Vulnrichment•added 2026/05/14 4:8 p.m.•4 views

CVE-2026-20182 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

Cvelist•added 2026/05/14 4:8 p.m.•35 views

CVE-2026-20182 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

10CVSS0.83125EPSS

Rapid7 Blog•added 2026/05/14 4:0 p.m.•8 views

The Dark Side of Efficiency: When Network Controllers Become "God Mode" for Attackers

Imagine you build a massive corporate campus with every security control money can buy. Blast resistant doors. Biometric scanners. Guards at every entrance. Maybe something similar to the infamous Death Star. On paper, it looks fantastic. Then, somewhere along the way, somebody decides the...

Cisco•added 2026/05/14 4:0 p.m.•12 views

Exploits4

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability...

10CVSS6AI score0.83125EPSS

Exploits4References1

Vulnrichment•added 2026/05/14 2:27 p.m.•5 views

CVE-2026-41935 Vvveb < 1.0.8.3 Uncontrolled Recursion Denial of Service

Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispatch cycle where Base::init repeatedly invokes permission on error handlers, causing infinite recursion until PHP memory limits are exhausted. Attackers can send sustained requests to forbidden admin...

7.1CVSS5.8AI score0.00042EPSS

Exploits0References3

CVE•added 2026/05/14 2:27 p.m.•6 views

CVE-2026-41935

Vvveb

7.1CVSS5.8AI score0.00042EPSS

Exploits0References3

Cvelist•added 2026/05/14 2:19 p.m.•30 views

CVE-2026-41932 Vvveb < 1.0.8.3 Stored XSS via Signup Controller

Vvveb before 1.0.8.3 contains a stored cross-site scripting vulnerability in the customer signup flow where the Signup::addUser controller copies raw POST username values into the displayname field before sanitization occurs. Attackers can submit HTML and script markup in the username field durin...

6.1CVSS0.00036EPSS

Exploits0References3

NVD•added 2026/05/14 1:16 p.m.•6 views

CVE-2026-5798

Unsafe object reference IDOR in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee first names, last...

7.1CVSS0.00043EPSS

Cvelist•added 2026/05/14 12:30 p.m.•30 views

CVE-2026-5790 Stored Cross-Site Scripting (XSS) vulnerability in Stel Order

Stored Cross-Site Scripting XSS in Stel Order v3.25.1 and earlier, located at the ‘/app/FrontController’ endpoint via the ‘legalName’ and ‘employeeID’ parameters. The lack of proper input sanitization allows an attacker to inject malicious code that is persistently stored in the database. When...

5.1CVSS0.00062EPSS

ATTACKERKB•added 2026/05/14 12:30 p.m.•2 views

CVE-2026-5790

5.1CVSS5.8AI score0.00062EPSS

Exploits0References2

Vulnrichment•added 2026/05/14 12:30 p.m.•6 views

CVE-2026-5790 Stored Cross-Site Scripting (XSS) vulnerability in Stel Order

5.1CVSS5.8AI score0.00062EPSS

CVE•added 2026/05/14 12:26 p.m.•7 views

CVE-2026-5798

CVE-2026-5798 affects Stel Order v3.25.1 and earlier. The vulnerability is an unsafe object reference (IDOR) in the /app/FrontController endpoint, exploitable by manipulating the employeeID parameter in requests. An authenticated attacker could access information about any employee (e.g., first n...

7.1CVSS5.7AI score0.00043EPSS

EUVD•added 2026/05/14 12:26 p.m.•6 views

EUVD-2026-30269

7.1CVSS5.7AI score0.00043EPSS

Veracode•added 2026/05/14 11:7 a.m.•5 views

Authorization Bypass

github.com/juju/juju is vulnerable to Authorization Bypass. The vulnerability is due to insufficient authorization checks in the Controller facade CloudSpec API method, which allows a low-privileged authenticated attacker to access sensitive cloud credentials...

9.9CVSS5.8AI score0.00012EPSS

Exploits1References5Affected Software1

CNNVD•added 2026/05/14 12:0 a.m.•5 views

Cisco Catalyst SD-WAN Manager和Cisco Catalyst SD-WAN Controller 授权问题漏洞

Cisco Catalyst SD-WAN Manager Cisco SD-WAN vManage and Cisco Catalyst SD-WAN Controller are both products of the American company Cisco. Cisco Catalyst SD-WAN Manager is a highly customizable dashboard that can simplify and automate the deployment, configuration, management, and operation of Cisc...