CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

29664 matches found

RedhatCVE•added 2026/06/05 7:16 p.m.•7 views

CVE-2026-42683

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...

7.1CVSS5.4AI score0.00142EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:15 p.m.•8 views

CVE-2026-20180

A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...

9.9CVSS6.5AI score0.05972EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:15 p.m.•7 views

CVE-2026-20147

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

9.9CVSS6.5AI score0.10944EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:14 p.m.•7 views

CVE-2026-4810

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

10CVSS6.2AI score0.01816EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:14 p.m.•9 views

CVE-2026-40504

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

9.8CVSS6.5AI score0.0064EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:13 p.m.•5 views

CVE-2026-40585

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and stored alongside a passwordresetat timestamp. However, the token redemption function findUserIDFromEmailAndToken queries only for a matching...

7.4CVSS5.5AI score0.00216EPSS

Exploits0References1

NVD•added 2026/06/05 6:17 p.m.•8 views

CVE-2026-49492

Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename attribute, imported file paths, and the latexengine code-chunk attribute. On Windows, a crafted...

8.8CVSS0.0034EPSS

Exploits0References2

ATTACKERKB•added 2026/06/05 5:49 p.m.•6 views

CVE-2026-49492

8.8CVSS5.7AI score0.0034EPSS

Exploits0References3

OSV•added 2026/06/05 4:41 p.m.•5 views

GHSA-W4C6-7R69-W7J9 klever-go: REST API slow-header connection exhaustion via Gin Engine.Run

Summary The Klever seednode REST API starts a Gin engine with Engine.RunrestAPIInterface. In Gin v1.9.1, Engine.Run calls Go's default http.ListenAndServe, which constructs an HTTP server without application-level ReadHeaderTimeout, ReadTimeout, or MaxHeaderBytes limits. An unauthenticated client...

7.5CVSS5.6AI score0.0005EPSS

Exploits0References3

OSV•added 2026/06/05 3:59 p.m.•4 views

GHSA-CXV7-GMMP-228P NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`

Summary An authenticated user with columnAdd permission on a Postgres-backed base can inject arbitrary SQL into the formula engine via the optional direction argument of ARRAYSORT.... The value is unrestricted by formula validation and embedded into a knex.raw ORDER BY clause, executing during...

6CVSS5.8AI score0.00027EPSS

Exploits0References3