CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

304 matches found

AstraLinux•added 2026/06/19 11:10 a.m.•3 views

Astra Linux – Vulnerability in Tomcat9

Improper neutralization of escape, meta, or control sequence vulnerabilities in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an...

9.6CVSS8.4AI score0.09917EPSS

Exploits0References2

Tenable Nessus•added 2026/06/16 12:0 a.m.•6 views

Mozilla Firefox < 152.0

The version of Firefox installed on the remote Windows host is prior to 152.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-57 advisory. - Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

9.8CVSS6AI score0.0045EPSS

Exploits0References41

NVD•added 2026/06/10 11:16 p.m.•9 views

CVE-2026-47712

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.formatpatchoutdir=... derives each patch filename from the commit's subject line. Prior to this fix, getsummary only replaced spaces with dashes ...

3.3CVSS0.00139EPSS

Exploits0References3

FreeBSD•added 2026/06/07 12:0 a.m.•5 views

p5-ack -- Multiple issues

Ack project reports: CVE-2026-49147: filename ANSI escape sequences CVE-2026-49146: project .ackrc -A -B -C memory exhaustion CVE-2026-49145: project .ackrc --follow / --files-from file exfiltration...

5.4AI score

Exploits0References3

RedhatCVE•added 2026/06/05 7:13 p.m.•8 views

CVE-2026-48188

An improper Input Validation vulnerability in OTRS or OTRS Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NOBACKSLASHESCAPES SQL mode...

9.1CVSS5.6AI score0.00362EPSS

Exploits1References1

Cvelist•added 2026/06/05 6:26 p.m.•29 views

CVE-2026-46394 HAX CMS Vulnerable to Command Injection using Git.php

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The application constructs shell command strings using unsanitized input and executes them via procopen. An...

7.7CVSS0.00768EPSS

Exploits1References1

OSV•added 2026/06/05 12:4 p.m.•7 views

RLSA-2026:22325 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefox: Sandbox escape in the Profile Backup component...

7.5CVSS5.5AI score0.00605EPSS

Exploits0References20

Tenable Nessus•added 2026/06/04 12:0 a.m.•17 views

RockyLinux 10 : firefox (RLSA-2026:21380)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21380 advisory. firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component...

9.8CVSS5.9AI score0.00605EPSS

Exploits0References37

NVD•added 2026/06/01 4:16 a.m.•17 views

CVE-2026-48188

9.1CVSS0.00362EPSS

Exploits1References1

Cvelist•added 2026/06/01 3:33 a.m.•40 views

CVE-2026-48188 SQL Injection via MySQL Quote Method

9.1CVSS0.00362EPSS

Exploits1References1

CVE•added 2026/06/01 3:33 a.m.•37 views

CVE-2026-48188

OTRS (including the ((OTRS)) Community Edition) has a SQL injection in the database layer module that allows unauthenticated access to bypass authentication, triggered when MySQL/MariaDB is configured with NO_BACKSLASH_ESCAPES. Affected versions include 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, and 2...

9.1CVSS5.9AI score0.00362EPSS

Exploits1References1Affected Software1

EUVD•added 2026/06/01 3:33 a.m.•11 views

EUVD-2026-33552

9.1CVSS5.9AI score0.00362EPSS

Exploits1References1

Positive Technologies•added 2026/06/01 12:0 a.m.•15 views

PT-2026-45260

Name of the Vulnerable Software and Affected Versions OTRS versions 7.0.x through 2026.3.x OTRS Community Edition version 6.0.x Description Improper input validation in the database layer module allows an unauthenticated SQL injection, which can lead to an authentication bypass. This enables...

9.1CVSS5.6AI score0.00362EPSS

Exploits1References8

EUVD•added 2026/05/29 1:14 p.m.•9 views

EUVD-2026-33310

WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling...

8.8CVSS5.9AI score0.00318EPSS

Exploits0References1

RedhatCVE•added 2026/05/28 8:12 p.m.•12 views

CVE-2026-47118

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1CVSS5.9AI score0.00375EPSS

Exploits0References1

RedHat Linux•added 2026/05/27 4:24 p.m.•16 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

9.8CVSS5.9AI score0.00605EPSS

Exploits0References20