CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/06/01 9:4 a.m.•15 views

CVE-2026-40548

SOPlanning (versions ≤ 1.55) allows unrestricted file uploads through the backup function. An authenticated attacker can upload a crafted ZIP containing a legitimate user.csv and a malicious file; on extraction the malicious file is placed on the server. When combined with CVE-2026-40547 (Path Tr...

6.4CVSS5.8AI score0.0031EPSS

Snyk•added 2026/06/01 8:26 a.m.•6 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the extractanimvalue function of the Half-Life 1 MDL Loader component when processing the num.total argument. An attacker can achieve arbitrary code execution or cause application crashes by supplying...

5.3CVSS6.5AI score0.00124EPSS

Snyk•added 2026/06/01 8:26 a.m.•6 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the aiNode destructor in scene.cpp of the ASE file parser component. An attacker can trigger memory corruption or potentially execute arbitrary code by providing a crafted ASE file that causes the use of a previously...

5.3CVSS6.4AI score0.00112EPSS

Snyk•added 2026/06/01 8:24 a.m.•7 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the readanimations function of the Half-Life 1 MDL Loader component. An attacker can execute arbitrary code or cause a denial of service by providing specially crafted input files. Remediation There is no...

5.6CVSS6.3AI score0.00124EPSS

Patchstack•added 2026/06/01 8:20 a.m.•9 views

WordPress Crawlomatic Multipage Scraper Post Generator plugin <= 2.7.2 - Authenticated (Author+) Remote Code Execution vulnerability

Authenticated Author+ Remote Code Execution vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Crawlomatic Multisite Scraper Post Generator versions = 2.7.2...

8.8CVSS5.8AI score0.00446EPSS

Exploits0References1Affected Software1

OSV•added 2026/06/01 8:16 a.m.•6 views

DEBIAN-CVE-2026-10229

A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::readmeshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been...

4.8CVSS5.8AI score0.00125EPSS

NVD•added 2026/06/01 8:16 a.m.•10 views

CVE-2026-10229

5.3CVSS0.00125EPSS

Exploits0References7

Vulnrichment•added 2026/06/01 7:49 a.m.•6 views

CVE-2026-42359 Apache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator

A bug in Apache Airflow's XCom PATCH endpoint PATCH /api/v2/xcomEntries/key allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names e.g. returnvalue that the matching POST endpoint already validated against FORBIDDENXCOMKEYS. The...

5.8AI score0.0055EPSS

EUVD•added 2026/06/01 7:49 a.m.•15 views

EUVD-2026-33588

8.8CVSS5.8AI score0.0056EPSS

Cvelist•added 2026/06/01 7:49 a.m.•32 views

CVE-2026-42359 Apache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator

0.0055EPSS

ATTACKERKB•added 2026/06/01 7:49 a.m.•9 views

CVE-2026-42359

8.8CVSS5.8AI score0.0056EPSS

Exploits0References3Affected Software1

CVE•added 2026/06/01 7:49 a.m.•17 views

CVE-2026-42359

CVE-2026-42359 (Apache Airflow) : A bug in the XCom PATCH endpoint (PATCH /api/v2/xcomEntries/{key}) allows an authenticated UI/API user with XCom write permission on a DAG to set XCom entries under reserved keys (e.g., return_value) that bypass a prior validation on the POST path. The endpoint c...

8.8CVSS5.8AI score0.0055EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 2026/06/01 7:48 a.m.•15 views

CVE-2026-45360

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserializereference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

6AI score0.00572EPSS

EUVD•added 2026/06/01 7:45 a.m.•8 views

EUVD-2026-33583

A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution...

9.8CVSS6.2AI score0.00452EPSS

Vulnrichment•added 2026/06/01 7:45 a.m.•10 views

CVE-2026-7858 Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x

9.8CVSS6.2AI score0.00452EPSS

CVE•added 2026/06/01 7:45 a.m.•24 views

CVE-2026-7858

CVE-2026-7858 involves a Deserialization of Untrusted Data flaw affecting Teamwork Cloud (No Magic Release 2022x–2026x) and Magic Collaboration Studio (CATIA Magic Release 2022x–2026x). The root cause is deserialization of untrusted data enabling unauthenticated remote code execution. The entry h...

9.8CVSS6.2AI score0.00452EPSS

Cvelist•added 2026/06/01 7:45 a.m.•32 views

9.8CVSS0.00452EPSS

GithubExploit•added 2026/06/01 7:43 a.m.•89 views

Exploit for Deserialization of Untrusted Data in Microsoft

Security Deserialization CVE-2026-45659 Overview A HIGH...

8.8CVSS6.1AI score0.01693EPSS

Exploits3

Vulnrichment•added 2026/06/01 7:34 a.m.•7 views

CVE-2026-49298 Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments

A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to the cluster e.g...

5.8AI score0.00488EPSS