CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

300 matches found

CVE-2026-46394 HAX CMS Vulnerable to Command Injection using Git.php

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The application constructs shell command strings using unsanitized input and executes them via procopen. An...

7.7CVSS

Exploits0References1

OSV•added 8 hours ago•3 views

RLSA-2026:22325 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefox: Sandbox escape in the Profile Backup component...

7.5CVSS5.5AI score0.00164EPSS

Exploits0References20

Tenable Nessus•added yesterday•8 views

RockyLinux 10 : firefox (RLSA-2026:21380)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21380 advisory. firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component...

9.8CVSS5.9AI score0.00109EPSS

Exploits0References37

NVD•added 4 days ago•7 views

CVE-2026-48188

An improper Input Validation vulnerability in OTRS or OTRS Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NOBACKSLASHESCAPES SQL mode...

9.1CVSS0.00074EPSS

Exploits0References1

Cvelist•added 4 days ago•37 views

CVE-2026-48188 SQL Injection via MySQL Quote Method

9.1CVSS0.00074EPSS

Exploits0References1

CVE•added 4 days ago•23 views

CVE-2026-48188

OTRS (including the ((OTRS)) Community Edition) has a SQL injection in the database layer module that allows unauthenticated access to bypass authentication, triggered when MySQL/MariaDB is configured with NO_BACKSLASH_ESCAPES. Affected versions include 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, and 2...

9.1CVSS5.9AI score0.00074EPSS

Exploits0References1

EUVD•added 4 days ago•6 views

EUVD-2026-33552

9.1CVSS5.9AI score0.00074EPSS

Exploits0References1

Positive Technologies•added 4 days ago•9 views

PT-2026-45260

9.1CVSS5.9AI score0.00074EPSS

Exploits0References2

EUVD•added 2026/05/29 1:14 p.m.•6 views

EUVD-2026-33310

WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling...

8.8CVSS5.9AI score0.00058EPSS

Exploits0References1

RedhatCVE•added 2026/05/28 8:12 p.m.•6 views

CVE-2026-47118

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1CVSS5.9AI score0.00053EPSS

Exploits0References1

RedHat Linux•added 2026/05/27 4:24 p.m.•11 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

9.8CVSS5.9AI score0.00164EPSS

Exploits0References20

Vulnrichment•added 2026/05/27 2:22 p.m.•9 views

CVE-2026-47118 Agent Zero < 1.15 Path Traversal File Read via image_get API

7.1CVSS5.9AI score0.00053EPSS

Exploits0References3

Cvelist•added 2026/05/27 2:22 p.m.•35 views

CVE-2026-47118 Agent Zero < 1.15 Path Traversal File Read via image_get API

7.1CVSS0.00053EPSS

Exploits0References3

EUVD•added 2026/05/27 2:22 p.m.•6 views

EUVD-2026-32522

7.1CVSS5.9AI score0.00053EPSS

Exploits0References3

ATTACKERKB•added 2026/05/27 2:22 p.m.•6 views

CVE-2026-47118

7.1CVSS5.9AI score0.00053EPSS

Exploits0References4

Positive Technologies•added 2026/05/27 12:0 a.m.•8 views

PT-2026-44005

7.1CVSS5.9AI score0.00053EPSS

Exploits0References4

OSV•added 2026/05/27 12:0 a.m.•5 views

ALSA-2026:21381 Important: thunderbird security update

9.8CVSS5.9AI score0.00164EPSS

Exploits0References40

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в tomcat9

A flaw in Apache Tomcat allows improper neutralization of escape, meta, or control sequences. Tomcat does not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, an attacker could use a...

9.6CVSS7.3AI score0.00135EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в ujson

UltraJSON is a fast JSON encoder and decoder written in pure C, with bindings for Python 3.7+. It was found that affected versions incorrectly decoded certain characters. JSON strings containing escaped surrogate characters that were not part of a valid surrogate pair were decoded incorrectly. Th...

7.5CVSS7.1AI score0.00069EPSS

Exploits1References2

FreeBSD•added 2026/05/20 12:0 a.m.•5 views

PowerDNS -- Multiple vulnerabilities

PowerDNS Team reports: 2025-07: Internal logic flaw in cache management can lead to a denial of service in Recursor When using views, queries sent using TCP Proxy Protocol will select the view according to the address of the proxy, rather than the address of the initial query. This can lead to...

8.6CVSS5.9AI score0.00024EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by