CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2 days ago•5 views

EUVD-2026-38371

7.1CVSS5.8AI score0.00302EPSS

CVE•added 2 days ago•6 views

CVE-2026-56314

Capgo before 12.128.12 has a flaw in /updates resolution: it does not filter deleted app versions when joining channels, so deleted bundles may remain selectable. This enables attackers to continue deploying deleted bundles to devices via channel version joins due to missing app_versions.deleted ...

7.1CVSS5.8AI score0.00302EPSS

Cvelist•added 2 days ago•18 views

CVE-2026-56314 Capgo - Deleted Bundle Selection via Missing Deletion Filter in /updates Endpoint

7.1CVSS0.00302EPSS

ATTACKERKB•added 2 days ago•4 views

CVE-2026-56314

7.1CVSS5.8AI score0.00302EPSS

AstraLinux•added 5 days ago•5 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10, and Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Do not ignore the genmask when looking up a chain by its ID. When adding a rule to a chain whose ID is referenced, if that chain has been deleted during the same operation, the rule might refer to a deleted...

7.8CVSS5.9AI score0.00149EPSS

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed a traversal bug in ext4mbusepreallocated. During allocation, when searching for pre-allocations PA in the per-inode rbtree, we cannot perform a direct traversal of the tree because ext4mbdiscardgrouppreallocation may...

5.8AI score0.00161EPSS

Cvelist•added last week•22 views

CVE-2026-50267 Steeltoe: TLS private keys written to /tmp with default permissions, never deleted

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Abstractions 4.0.0 through 4.1.0, when MySQL or PostgreSQL service bindings from VCAPSERVICES include TLS client credentials, the Connectors libra...

4.7CVSS0.00065EPSS

EUVD•added 2026/06/12 8:25 p.m.•6 views

EUVD-2026-36558

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin one also involving discourse-calendar: read-only category users...

5.3CVSS5.3AI score0.00204EPSS

OSV•added 2026/06/12 8:8 p.m.•7 views

GHSA-F34X-RX2W-7PM3 TYPO3 CMS has Broken Access Control in the Recycler Module

Problem Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, 14.3.3 LTS that fix the problem described. Credits...

5.3CVSS5.3AI score0.00238EPSS

Exploits0References7

EUVD•added 2026/06/12 8:8 p.m.•9 views

EUVD-2026-35396

TYPO3 CMS has Broken Access Control in the Recycler Module...

5.3CVSS5.2AI score0.00238EPSS

Exploits0References6

NVD•added 2026/06/11 7:16 p.m.•8 views

CVE-2026-47176

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can...

5.7CVSS0.00251EPSS

Positive Technologies•added 2026/06/11 12:0 a.m.•10 views

PT-2026-48715

5.7CVSS5.3AI score0.00251EPSS

CNNVD•added 2026/06/11 12:0 a.m.•10 views

Quest Bot 信息泄露漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.4 contained an information leakage vulnerability. This vulnerability stemmed from the logging feature not restricting channel access, allowing configured users to...

5.7CVSS5.3AI score0.00251EPSS

Tenable Nessus•added 2026/06/11 12:0 a.m.•7 views

Devolutions Server < 2026.1.21.0 / 2026.2.4.0 < 2026.2.5.0 Multiple Vulnerabilities (DEVO-2026-0015)

The version of Devolutions Server installed on the remote host is prior to 2026.1.21.0 or 2026.2.4.0 prior to 2026.2.5.0. It is, therefore, affected by multiple vulnerabilities, including: - Improper neutralization of special elements in the built-in PAM provider password rotation templates in...

6.5CVSS6AI score0.00196EPSS

Exploits0References4

RedhatCVE•added 2026/06/10 3:0 p.m.•9 views

CVE-2026-47349

Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3...

5.3CVSS5.5AI score0.00238EPSS

RedhatCVE•added 2026/06/09 8:59 p.m.•7 views

CVE-2026-10787

Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request. This issue affects : Devolutions Server 2026.2.4.0 Devolutions Server 2026.1.20.0 and earlier...

4.3CVSS5.5AI score0.00155EPSS

RedhatCVE•added 2026/06/09 2:59 p.m.•10 views

CVE-2026-46656

Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...

8.8CVSS5.4AI score0.00294EPSS

NVD•added 2026/06/09 11:16 a.m.•8 views

CVE-2026-47349

5.3CVSS0.00238EPSS

CVE•added 2026/06/09 10:51 a.m.•20 views

CVE-2026-47349

CVE-2026-47349 affects TYPO3 CMS where backend users with access to the Recycler module could restore soft-deleted records on pages or tables they are not authorized to modify. Affected versions: 10.4.57 and earlier in 10.x; 11.0.0–11.5.51; 12.0.0–12.4.46; 13.0.0–13.4.31; 14.0.0–14.3.3. Root caus...

5.3CVSS5.5AI score0.00238EPSS