CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 6 days ago•6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: clk: rs9: Fix for suspend/resume behavior. Disabling the cache in commit 2ff4ba9e3702 “clk: rs9: Fix for I2C accessors” without removing cache synchronization in the resume path results in a kernel panic, as map-cacheops is unset...

5.5CVSS5.2AI score0.00131EPSS

CVE•added 2026/06/17 7:13 a.m.•12 views

CVE-2026-0082

CVE-2026-0082 affects the Android framework: in NfcDispatcher.java’s tryStartActivity there is an insecure default value that can automatically assign a special app access permission. This leads to local elevation of privilege with no extra execution privileges required and no user interaction ne...

10CVSS5.6AI score0.00165EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/06/11 9:41 a.m.•27 views

CVE-2026-53911 Cerebrate primary key mass assignment in CRUD edit operations allows authenticated users to overwrite unrelated records

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...

6.3CVSS0.00207EPSS

Snyk•added 2026/06/10 12:0 a.m.•6 views

Insecure Defaults

Overview Affected versions of this package are vulnerable to Insecure Defaults due to the Wss4jSecurityInterceptor class in Wss4jSecurityInterceptor.java initializing its bspCompliant flag to false, so inbound validation always calls RequestData.setDisableBSPEnforcementtrue and disables WSS4J's...

8.8CVSS5.4AI score0.00229EPSS

Microsoft CVE•added 2026/06/09 2:0 p.m.•7 views

Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability

Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...

6.5CVSS5.8AI score0.00525EPSS

Exploits0

RedhatCVE•added 2026/06/05 7:33 p.m.•6 views

CVE-2026-9053

Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...

8.2CVSS5.5AI score0.00276EPSS

RedhatCVE•added 2026/06/05 7:32 p.m.•7 views

CVE-2026-6703

The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...

4.3CVSS5.4AI score0.0023EPSS

RedhatCVE•added 2026/06/05 7:21 p.m.•7 views

CVE-2026-41039

This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device. Successful...

8.7CVSS5.5AI score0.00261EPSS

RedhatCVE•added 2026/06/05 7:17 p.m.•9 views

CVE-2026-6866

CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials...

8.2CVSS5.5AI score0.00295EPSS

OSV•added 2026/06/04 1:45 p.m.•8 views

ROOT-APP-NPM-CVE-2026-24046 CVE-2026-24046 in @rootio/backstage__backend-defaults - Patched by Root

Root has patched CVE-2026-24046 in the @rootio/backstagebackend-defaults package for Root:npm. Multiple fixed versions available...

7.1CVSS5.8AI score0.00391EPSS

Exploits0

Snyk•added 2026/06/01 10:29 a.m.•5 views

Insecure Default Initialization of Resource

Overview org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in the Basic Authentication setup bin/solr auth enable tool. An attacker can gain full...

9.8CVSS7.3AI score0.00529EPSS

Exploits0References3

RedhatCVE•added 2026/05/30 8:13 a.m.•17 views

CVE-2026-45374

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the taskcreate tool spawns durable sub-agents that inherit two insecure defaults, allowshell defaults to true config.rs:1499: self.allowshell.unwraportrue and autoapprove defaults to true taskmanager.rs:297: autoapprove:...

ATTACKERKB•added 2026/05/28 7:30 p.m.•15 views

CVE-2026-33590

Insecure default settings of Portainer CE grant regular non-admin users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent access on the...

9.4CVSS5.9AI score0.00452EPSS

Exploits0References4

CVE•added 2026/05/28 5:26 p.m.•22 views

CVE-2026-45374

CVE-2026-45374 affects CodeWhale’s DeepSeek+MiMo task_create flow. Before version 0.8.26, sub-agents inherit two insecure defaults: allow_shell = true and auto_approve = true, enabling unrestricted, unapproved shell access after user approval of a task_create prompt. This can lead to remote comma...

Cvelist•added 2026/05/28 5:26 p.m.•29 views

CVE-2026-45374 CodeWhale: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files

9.6CVSS0.0026EPSS

EUVD•added 2026/05/28 5:26 p.m.•8 views

EUVD-2026-32962

Vulnrichment•added 2026/05/28 5:26 p.m.•8 views

CVE-2026-45374 CodeWhale: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files