20607 matches found

Cvelist
added 2026/05/12 9:16 a.m., 43 views

CVE-2026-7428 Insecure default administrative credentials in AlloyDB for PostgreSQL

Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required...

CVSS 9.2, EPSS 0.00239
Exploits 0, References 1
Vulnrichment
added 2026/05/12 9:16 a.m., 12 views

CVE-2026-7428 Insecure default administrative credentials in AlloyDB for PostgreSQL

Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required...

CVSS 9.2, AI score 5.8, EPSS 0.00239
Exploits 0, References 1
CVE
added 2026/05/12 9:16 a.m., 21 views

CVE-2026-7428

CVE-2026-7428 affects Google Cloud AlloyDB for PostgreSQL. The vulnerability stems from insecure default administrative credentials that could be created by well-intended Terraform or REST API users before 2025-11-03, enabling a remote attacker to gain full administrative access to the database. ...

CVSS 9.2, AI score 5.8, EPSS 0.00239
Exploits 0, References 1
Cvelist
added 2026/05/12 7:48 a.m., 62 views

CVE-2026-4920 Next Date <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'default' Shortcode Attribute

The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

CVSS 6.4, EPSS 0.00187
Exploits 0, References 3
CVE
added 2026/05/12 7:48 a.m., 13 views

CVE-2026-4920

The CVE describes a stored cross-site scripting vulnerability in the WordPress plugin Next Date (versions

CVSS 6.4, AI score 6, EPSS 0.00187
Exploits 0, References 3
ATTACKERKB
added 2026/05/12 7:48 a.m., 6 views

CVE-2026-4920

The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

CVSS 6.4, AI score 6, EPSS 0.00187
Exploits 0, References 4
Vulnrichment
added 2026/05/12 7:48 a.m., 8 views

CVE-2026-4920 Next Date <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'default' Shortcode Attribute

The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

CVSS 6.4, AI score 6, EPSS 0.00187
Exploits 0, References 3
SUSE CVE
added 2026/05/12 3:30 a.m., 6 views

SUSE CVE-2026-43356

In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adis_init. The adis_init function dereferences adis->ops to check if the individual function pointers write, read, reset are NULL, but does not first check if adis->ops itself is NULL...

AI score 5.8, EPSS 0.00121
Exploits 0, References 3
NVD
added 2026/05/12 3:16 a.m., 17 views

CVE-2026-40132

Due to missing authorization check in SAP Strategic Enterprise Management Scorecard Wizard in Business Server Pages, an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also enables the attacker to change the default settings and...

CVSS 5.4, EPSS 0.0019
Exploits 0, References 2
Positive Technologies
added 2026/05/12 12:0 a.m., 9 views

PT-2026-40539

Name of the Vulnerable Software and Affected Versions: protobufjs versions prior to 7.5.6; protobufjs versions prior to 8.0.2. Description: JavaScript generated for toObject conversion may include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor...

CVSS 8.8, AI score 6.1, EPSS 0.00294
Exploits 0, References 9
CNNVD
added 2026/05/12 12:0 a.m., 8 views

WordPress plugin Next Date cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

CVSS 6.4, AI score 5.8, EPSS 0.00187
Exploits 0, References 1
Positive Technologies
added 2026/05/12 12:0 a.m., 11 views

PT-2026-39995

Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required...

CVSS 9.2, AI score 5.8, EPSS 0.00239
Exploits 0, References 2
CNNVD
added 2026/05/12 12:0 a.m., 7 views

VMware Spring AI security vulnerability

VMware Spring AI is a development framework by the American company VMware, which integrates artificial intelligence and large language model capabilities into the Spring ecosystem. VMware Spring AI has a security vulnerability, which stems from problematic default settings in the chat memory...

CVSS 7.5, AI score 5.5, EPSS 0.0026
Exploits 0, References 1
Positive Technologies
added 2026/05/12 12:0 a.m., 10 views

PT-2026-40006

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

CVSS 7.5, AI score 5.5, EPSS 0.0026
Exploits 0, References 3
Positive Technologies
added 2026/05/12 12:0 a.m., 17 views

PT-2026-39951

The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

CVSS 6.4, AI score 6, EPSS 0.00187
Exploits 0, References 4
Positive Technologies
added 2026/05/12 12:0 a.m., 10 views

PT-2026-40049

Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800...

CVSS 9.1, AI score 5.8, EPSS 0.00341
Exploits 0, References 2
CNNVD
added 2026/05/12 12:0 a.m., 8 views

Google Cloud AlloyDB for PostgreSQL security vulnerability

Google Cloud AlloyDB for PostgreSQL is a cloud-native, high-performance relational database service from Google Inc. That service is compatible with PostgreSQL. Versions of Google Cloud AlloyDB for PostgreSQL prior to 2025-11-03 contained a security vulnerability. This vulnerability stemmed from...

CVSS 9.2, AI score 5.9, EPSS 0.00239
Exploits 0, References 1
CNNVD
added 2026/05/12 12:0 a.m., 7 views

Intel NPU Driver for Linux and Intel NPU Driver for Windows security vulnerability

The Intel NPU Driver for Linux and the Intel NPU Driver for Windows are driver programs for neural processing units developed by Intel Corporation. Previous versions of the Intel NPU Driver for Linux and Intel NPU Driver for Windows 32.0.100.4511 contained security vulnerabilities. These...

CVSS 5.4, AI score 5.8, EPSS 0.00082
Exploits 0, References 1
Positive Technologies
added 2026/05/12 12:0 a.m., 9 views

PT-2026-40084

Incorrect default permissions for some Intel(R) NPU Driver software installers before version 32.0.100.4511 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation ...

CVSS 5.4, AI score 5.7, EPSS 0.00082
Exploits 0, References 2
Github Security Blog
added 2026/05/11 9:20 p.m., 8 views

Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content

Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive file-write content remains in the stored payload as ContentPreview,...

CVSS 5.5, AI score 5.8, EPSS 0.00106
Exploits 0, References 4, Affected Software 1