CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 3 days ago•6 views

CVE-2022-31114

backpack/crud provides Create, Read, Update & Delete CRUD functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could conduct a targeted phishing...

5.1CVSS0.00047EPSS

Cvelist•added 3 days ago•30 views

CVE-2026-46254 AppArmor: Allow apparmor to handle unaligned dfa tables

In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel or userspace and 8-byte alignment isn't always guaranteed and as such may trigger unaligned memory accesses on various architectures...

0.00018EPSS

CVE•added 3 days ago•7 views

CVE-2026-46252

The CVE-2026-46252 entry documents a Linux kernel regulator core issue: in regulator_resolve_supply(), late enabling a supply regulator could trigger a lockdep warning when _regulator_put() is called without holding regulator_list_mutex. The fix switches to using regulator_put() and adds proper l...

EUVD•added 3 days ago•6 views

Exploits0References2

EUVD-2025-210057

Cvelist•added 3 days ago•28 views

CVE-2025-71314 drm/panthor: Recover from panthor_gpu_flush_caches() failures

0.00018EPSS

EUVD•added 3 days ago•5 views

EUVD-2025-210056

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for allocworkqueue allocworkqueue can return NULL on memory allocation failure. Without proper error checking, this may lead to a NULL pointer dereference when queuework is later called with...

ATTACKERKB•added 3 days ago•3 views

Exploits0References2

CVE-2025-71313

Exploits0References3Affected Software1

RedHat Linux•added 3 days ago•6 views

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: clear skb2-cb in ip4ip6err Oskar Kjos reported the following problem. ip4ip6err calls icmpsend on a cloned skb whose cb was written by the IPv6 receive path as struct inet6skbparm. icmpsend passes IPCBskb2 to...

9.8CVSS5.8AI score0.00096EPSS

Exploits0References5

Vulnrichment•added 3 days ago•5 views

CVE-2022-31114 backpack/crud Vulnerable to Cross-site Scripting

5.1CVSS5.4AI score0.00047EPSS

ATTACKERKB•added 3 days ago•3 views

CVE-2022-31114

5.1CVSS5.4AI score0.00047EPSS

Exploits0References2Affected Software1

Cvelist•added 3 days ago•32 views

CVE-2022-31114 backpack/crud Vulnerable to Cross-site Scripting

5.1CVSS0.00047EPSS

RedhatCVE•added 3 days ago•6 views

CVE-2026-0077

In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch bal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00007EPSS

RedhatCVE•added 3 days ago•8 views

CVE-2025-22426

In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00053EPSS

RedhatCVE•added 3 days ago•8 views

CVE-2025-48652

In performPreInstallChecks of InstallRepository.kt, there is a possible way to bypass MDM policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00008EPSS

CVE•added 3 days ago•4 views

CVE-2025-15656

CVE-2025-15656 is an Incorrect Privilege Assignment vulnerability affecting the WordPress School Management plugin (the CVE entry and related records list affected scope as WordPress School Management up to version 93.2.0). The underlying issue is privilege escalation via improper privilege assig...

8.8CVSS5.8AI score0.00039EPSS

Nuclei•added 3 days ago•22 views

Error Log Viewer By WP Guru <= 1.0.1.3 - Missing Authorization to Arbitrary File Read

The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wpajaxnoprivelvwplogdownload AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, whi...

7.5CVSS7.3AI score0.92591EPSS

Exploits1References4

EUVD•added 3 days ago•7 views

EUVD-2026-34061

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...

7.5CVSS5.9AI score0.00038EPSS

Exploits0References2

Positive Technologies•added 3 days ago•9 views

PT-2026-45984

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for alloc workqueue alloc workqueue can return NULL on memory allocation failure. Without proper error checking, this may lead to a NULL pointer dereference when queue work is later called wi...