CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/06/09 12:0 a.m.•13 views

PT-2026-47647

In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects. Affected versions: Reactor Netty 1.0.0 through 1.0.51;...

6.1CVSS5.5AI score0.00172EPSS

CNNVD•added 2026/06/09 12:0 a.m.•6 views

Adobe CAI Content Credentials 输入验证错误漏洞

Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. The Adobe CAI Content Credentials version [email protected] and versions prior to c2pa-v0.80.1 contain a...

7.5CVSS5.3AI score0.00407EPSS

Positive Technologies•added 2026/06/09 12:0 a.m.•7 views

PT-2026-47772

Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attackers can send GET requests with crafted SQL payloads in the albid parameter to extract sensitive...

8.8CVSS6.1AI score0.00295EPSS

Exploits0References4

Positive Technologies•added 2026/06/09 12:0 a.m.•9 views

PT-2026-48287

Name of the Vulnerable Software and Affected Versions CAI Content Credentials versions [email protected] and earlier CAI Content Credentials versions c2pa-v0.80.1 and earlier Description An uncontrolled resource consumption issue allows an attacker to exhaust system resources, leading to an...

6.2CVSS5.2AI score0.00153EPSS

Positive Technologies•added 2026/06/09 12:0 a.m.•9 views

PT-2026-48307

An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository saml2 asserting party metadata may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials verification credentials an...

7.3CVSS5.5AI score0.00198EPSS

CNNVD•added 2026/06/09 12:0 a.m.•9 views

Adobe CAI Content Credentials 资源管理错误漏洞

6.2CVSS5.4AI score0.00153EPSS

Positive Technologies•added 2026/06/09 12:0 a.m.•9 views

PT-2026-48282

Name of the Vulnerable Software and Affected Versions CAI Content Credentials versions [email protected] and earlier CAI Content Credentials version c2pa-v0.80.1 Description An integer overflow or wraparound occurs, which can be exploited by an attacker to crash the application. This leads to a...

7.5CVSS5.5AI score0.0043EPSS

Exploits0References4

CNNVD•added 2026/06/09 12:0 a.m.•13 views

Adobe CAI Content Credentials 资源管理错误漏洞

6.2CVSS5.4AI score0.00153EPSS

CNNVD•added 2026/06/09 12:0 a.m.•12 views

Adobe CAI Content Credentials 输入验证错误漏洞

6.2CVSS5.4AI score0.00153EPSS

Positive Technologies•added 2026/06/09 12:0 a.m.•10 views

PT-2026-48286

Name of the Vulnerable Software and Affected Versions CAI Content Credentials versions [email protected] and earlier CAI Content Credentials versions c2pa-v0.80.1 and earlier Description Improper Input Validation allows an attacker to crash the application, resulting in a denial-of-service condition...

6.2CVSS5.2AI score0.00153EPSS

Positive Technologies•added 2026/06/09 12:0 a.m.•11 views

PT-2026-48281

Name of the Vulnerable Software and Affected Versions c2pa-web versions prior to 0.7.1 c2pa-v versions prior to 0.80.1 Description An improper limitation of a pathname to a restricted directory, known as Path Traversal, allows for an arbitrary file system write. This issue enables an attacker to...

5.5CVSS5.4AI score0.0017EPSS

CNNVD•added 2026/06/09 12:0 a.m.•9 views

Adobe CAI Content Credentials 路径遍历漏洞

Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc. in the United States. It offers capabilities for authenticating digital content sources and tracking editing history. The Adobe CAI Content Credentials version [email protected] and versions prior to c2pa-v0.80.1...

5.5CVSS5.6AI score0.0017EPSS

CNNVD•added 2026/06/09 12:0 a.m.•10 views

Skilja Vinna Process Monitor 跨站脚本漏洞

Skilja Vinna Process Monitor is a business process monitoring platform developed by Skilja Corporation. The Skilja Vinna Process Monitor 4.0 Service Pack 1 version contains a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting flaw, which could...

9.3CVSS5.1AI score0.00242EPSS

Adobe•added 2026/06/09 12:0 a.m.•10 views

APSB26-61 : Security update available for Content Credentials SDK

Adobe has released security updates for Content Credentials SDK. This update addresses critical and important vulnerabilities that could result in application denial-of-service and arbitrary file system write...

Exploits0Affected Software2

Positive Technologies•added 2026/06/09 12:0 a.m.•16 views

PT-2026-48284

7.5CVSS5.2AI score0.00407EPSS

CNNVD•added 2026/06/09 12:0 a.m.•8 views

Adobe CAI Content Credentials 输入验证错误漏洞

7.5CVSS5.4AI score0.0043EPSS

OSSF Malicious Packages•added 2026/06/08 10:22 p.m.•8 views

Malicious code in solana-web3-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af1a2f1a7c7e3bddb9c8d2fcb8a4c86a6755763c94b95b1eddb81f382318c432 Malicious typosquat impersonating the legitimate Solana Python SDK solana / solana-py and the JS @solana/web3.js. The package ships no SDK...

OSV•added 2026/06/08 10:22 p.m.•7 views

MAL-2026-5338 Malicious code in solana-web3-py (PyPI)

OSSF Malicious Packages•added 2026/06/08 10:21 p.m.•10 views

Malicious code in solana-cli-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80ee640ddeeacc31a125ec0fcc11dcb5f9a23e18f5ed003ce2dfcb1de8bbe1dd On import solanaclipy, the package's top-level init.py unconditionally invokes report, which harvests standard developer-side secret material and POS...