55679 matches found
CVE-2026-42867 Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API POST /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are used directly to create file paths without...
CVE-2026-44961
The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled impersonation or stored XSS attacks. Proper validation has been added where it was missing...
CVE-2026-50023
yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...
CVE-2026-8172
creationtimestamp | type | source
---|---|---
2026-06-23 08:26:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mowy4lqfd72a...
CVE-2026-8379
creationtimestamp | type | source
---|---|---
2026-06-23 08:21:47+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mowxtmrwaw2c...
CVE-2026-44171
A flaw was found in MariaDB's mbstream utility. This vulnerability allows a highly privileged local attacker, who can provide a specially crafted archive, to create files outside of the intended target directory. This is due to mbstream not properly validating paths containing directory traversal...
CVE-2026-7842
creationtimestamp | type | source
---|---|---
2026-06-23 07:50:21+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3moww3fmi5f2f...
Blinko <= 1.8.3 - User Information Leak
Blinko = 1.8.4 contains an information disclosure caused by a publicly accessible endpoint that exposes user information, including usernames, roles, and account creation dates, letting remote attackers access sensitive user data. Exploitation requires no special privileges. id: CVE-2026-23486 info: name:...
Moodle - Cross-Site Scripting/Remote Code Execution
The vulnerability was found in Moodle and exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before...
Telesquare TLR-2855KS6 - Arbitrary File Creation
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts. id: CVE-2021-46418 info: name: Telesquare TLR-2855KS6 - Arbitrary File Creation author: DhiyaneshDK severity: high description: | An unauthorized file creation vulnerability in...
WSO2 User Registration - Arbitrary Account Creation
The SOAP admin service in WSO2 products has a security vulnerability that allows the creation of new user accounts regardless of the self-registration configuration settings. id: CVE-2024-7097 info: name: WSO2 User Registration - Arbitrary Account Creation author: iamnoooob,rootxharsh,pdresearch...
CVE-2026-44089
creationtimestamp | type | source
---|---|---
2026-06-23 03:55:00+00:00 | seen | https://cert.pl/en/posts/2026/06/CVE-2026-44089
2026-06-23 14:47:08+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3moxneoahvj2r
2026-06-23 16:13:07+00:00 | seen | ...
CVE-2026-41523
creationtimestamp | type | source
---|---|---
2026-06-23 02:37:07+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3moweld2smf2l
2026-06-23 05:13:50+00:00 | seen | https://bsky.app/profile/hugovalters.bsky.social/post/3mowndjk4ct2x...
CVE-2026-54232
creationtimestamp | type | source
---|---|---
2026-06-23 01:05:10+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mow7gveg3u2j...
CVE-2026-48505
creationtimestamp | type | source
---|---|---
2026-06-23 00:50:09+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mow6lzrmz42a...
CVE-2026-48509
creationtimestamp | type | source
---|---|---
2026-06-23 00:42:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mow65lsemi23...
CVE-2026-48109
creationtimestamp | type | source
---|---|---
2026-06-23 00:26:01+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mow5avfblh2o...
CVE-2026-53923
creationtimestamp | type | source
---|---|---
2026-06-23 00:15:34+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mow4o6qwhh26...
CVE-2026-50556
creationtimestamp | type | source
---|---|---
2026-06-22 23:25:20+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3movzuf2ets2s...
CVE-2026-50170
creationtimestamp | type | source
---|---|---
2026-06-22 23:21:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3movzngi3qy2j...