CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 4 days ago•6 views

EUVD-2026-33501

OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform...

8.5CVSS5.9AI score0.00029EPSS

Vulnrichment•added 4 days ago•3 views

CVE-2026-49489 OpenCATS - SQL Injection in DataGrid sortDirection Parameter

8.5CVSS5.9AI score0.00029EPSS

NVD•added 6 days ago•10 views

CVE-2026-9243

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...

6.4CVSS0.0003EPSS

Cvelist•added 6 days ago•21 views

CVE-2026-9243 The Plus Addons for Elementor <= 6.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'carousel_direction' Parameter

6.4CVSS0.0003EPSS

ATTACKERKB•added 6 days ago•7 views

CVE-2026-9243

6.4CVSS6AI score0.0003EPSS

Positive Technologies•added 6 days ago•8 views

PT-2026-44759

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carousel direction' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the carousel...

6.4CVSS6AI score0.0003EPSS

Cvelist•added 2026/05/27 12:58 p.m.•28 views

CVE-2026-46077 crypto: atmel-tdes - fix DMA sync direction

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-tdes - fix DMA sync direction Before DMA output is consumed by the CPU, -dmaaddrout must be synced with dmasyncsingleforcpu instead of dmasyncsinglefordevice. Using the wrong direction can return stale cache data on...

0.00032EPSS

Exploits0References8

EUVD•added 2026/05/27 12:58 p.m.•3 views

EUVD-2026-32459

5.8AI score0.00032EPSS

CNNVD•added 2026/05/27 12:0 a.m.•3 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an error in DMA synchronization direction in the crypto Atmel-TDES module. This vulnerability may...

5.8AI score0.00032EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•4 views

PT-2026-44133

Description SymfonyComponentHtmlSanitizerTextSanitizerUrlSanitizer::parse used by UrlSanitizer::sanitize and therefore by every HtmlSanitizer config that allows links or media accepts URLs that contain Unicode explicit-direction BiDi formatting characters: U+202A–U+202E LRE / RLE / PDF / LRO / RL...

6.9CVSS5.9AI score

Exploits0References7

CNNVD•added 2026/05/21 12:0 a.m.•4 views

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the direct concatenation of the sort and dir GET parameters into the ORDER BY clause in...

7.1CVSS5.9AI score0.00027EPSS

Exploits0References1

HackRead•added 2026/05/20 2:55 p.m.•5 views

Understanding Trend Structure: Higher Highs and Lower Lows Explained

Before indicators, before oscillators, before anything that requires a formula – the market communicates through price structure. Peaks…...

5.8AI score

Exploits0

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: USB: Fix wrong-direction WARNING in plusb.c The syzbot fuzzer detected a bug in the plusb network driver: A zero-length control-OUT transfer was treated as a read instead of a write. In modern kernels this error provokes a...

5.5CVSS5.9AI score0.00014EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: simple-card-utils: Fixed the pointer check in graphutilParseLinkDirectionation. Now, it checks whether the passed pointers are valid before writing to them. This also fixes a USBAN warning: UBSAN: Invalid-load in...

7.8CVSS6.6AI score0.00052EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Block layer: Fixed a warning in copyfromiter. Syzkaller reported a warning in copyfromiter because an ioviter was supposedly used in the wrong direction. The reason is that Syzkaller managed to generate a request with a transfer...

5.5CVSS5.7AI score0.00015EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/cmdnet: fixed incorrect argument types for skbqueuesplice. If retrying timestamp retrieval is necessary and the local list of SKBs already contains entries, then those entries are spliced back into the socket queue...

5.7AI score0.00026EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Fixed a bug in the pipe direction for control transfers. The syzbot fuzzer reported a minor bug in the usbtmc driver: usb 5-1: The BOGUS control direction, with pipe 80001e80, does not match bRequestType 0. WARNING:...

7.8CVSS5.8AI score0.00022EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fixed the leak from the dev tracker. At the stage of direction checks, the netdev reference tracker is already initialized, but it is released with the wrong put call...

5.7AI score0.00022EPSS