CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2 days ago•6 views

CVE-2026-5509

An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can leverage the...

Cvelist•added 3 days ago•24 views

CVE-2026-22872 Capsule TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability

Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Prior to version 0.13.0, tenant...

8.2CVSS0.00072EPSS

Exploits1References2

OSV•added 3 days ago•3 views

BIT-KIBANA-2026-49095 Improper Input Validation in Kibana Fleet Leading to Privilege Escalation

Improper Input Validation CWE-20 in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a configuration override mechanism that is not adequatel...

Positive Technologies•added 4 days ago•7 views

PT-2026-45198

Name of the Vulnerable Software and Affected Versions D-Link DI-8400 versions prior to 16.07.26A1 Description A stack-based buffer overflow occurs due to the manipulation of the str argument within the '/dbsrv.asp' endpoint. This allows for remote exploitation. A stack-based buffer overflow is a...

9CVSS7.9AI score0.00084EPSS

Exploits0References8

RedhatCVE•added 6 days ago•6 views

CVE-2026-49095

Vulnrichment•added last week•3 views

CVE-2026-49095 Improper Input Validation in Kibana Fleet Leading to Privilege Escalation

Cvelist•added last week•31 views

CVE-2026-49095 Improper Input Validation in Kibana Fleet Leading to Privilege Escalation

6.5CVSS0.00072EPSS

CVE•added last week•15 views

CVE-2026-9038

CVE-2026-9038 describes a stack-based buffer overflow in the charging controller’s signal-processing logic (XCharge C6). The vulnerability allows a physically proximate attacker to send oversized message fields, leading to memory corruption and potential execution of unauthorized code with elevat...

8.6CVSS6.3AI score0.00025EPSS

Cvelist•added last week•24 views

CVE-2026-9095 CVE-2026-9095

Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse function in object/samlsp.go calls sp.RetrieveAssertionInfo and immediately maps the result to a user session. There is no assertion ID cache, OneTimeUse condition enforcemen...

0.00054EPSS

Positive Technologies•added 2026/05/28 12:0 a.m.•5 views

PT-2026-44537

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Improper input validation in the Kibana Fleet agent policy management feature allows an authenticated user with Fleet management privileges to escalate privileges. By injecting values into a...

Positive Technologies•added 2026/05/28 12:0 a.m.•8 views

Exploits0References4

PT-2026-44499

A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed expected bounds. Because the input is not sufficiently validated, memory corruption may occur,...

8.6CVSS6.3AI score0.00025EPSS

NVD•added 2026/05/27 6:16 p.m.•10 views

CVE-2026-5509

8.5CVSS0.00634EPSS

Exploits0References5

ATTACKERKB•added 2026/05/27 5:26 p.m.•13 views

CVE-2026-5509

Cvelist•added 2026/05/27 5:26 p.m.•37 views

Exploits0References5

CVE-2026-5509 Arbitrary Command Injection via Browser Developer Console in TP-Link Archer BE450 and BE7200

8.5CVSS0.00634EPSS

Exploits0References5

CVE•added 2026/05/27 5:26 p.m.•14 views

CVE-2026-5509

The CVE-2026-5509 entry describes an authenticated command-injection flaw in TP-Link Archer BE450 v1 and BE7200 v1 routers. After logging into the admin web interface, an attacker can inject crafted input via the browser’s developer console that is passed to backend system commands without suffic...

Exploits0References5Affected Software1

Snyk•added 2026/05/27 5:3 p.m.•6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the wheel installation process. An attacker can overwrite arbitrary files within the installing user's permissions by convincing a user to install a specially crafted Python wheel containing malicious entry-point...

8.5CVSS6.3AI score0.00013EPSS

NVD•added 2026/05/27 8:16 a.m.•7 views

CVE-2025-41670

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected...

8.7CVSS0.00033EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•6 views

PT-2026-44065

Name of the Vulnerable Software and Affected Versions Archer BE450 v1 Archer BE7200 v1 Description An authenticated command injection allows an administrator to execute arbitrary system commands through the web management interface. By using the browser developer console, a crafted input can be...