CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/08 1:43 p.m.•40 views

CVE-2026-41506 go-git Credential leak via cross-host redirect in smart HTTP transport

4.7CVSS0.00259EPSS

GithubExploit•added 2026/05/08 1:7 p.m.•110 views

Exploit for CVE-2026-3844

CVE-2026-3844 — Breeze Cache Unauthenticated Arbitrary File Up...

9.8CVSS6.5AI score0.36512EPSS

Exploits8

EUVD•added 2026/05/08 6:32 a.m.•9 views

EUVD-2022-31080

The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash due to a double fetch vulnerability at aswArPot+0xbb94...

5.3CVSS6.4AI score0.0025EPSS

EUVD•added 2026/05/08 6:32 a.m.•5 views

EUVD-2022-31079

7.8CVSS6.4AI score0.00217EPSS

NVD•added 2026/05/08 5:16 a.m.•28 views

CVE-2022-26523

5.3CVSS0.0025EPSS

NVD•added 2026/05/08 5:16 a.m.•11 views

CVE-2022-26522

7.8CVSS0.00217EPSS

NVD•added 2026/05/08 4:16 a.m.•11 views

CVE-2026-42261

PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/skills/fetch-remote that fetches a user-supplied URL server-side and reflects the response body up t...

7.1CVSS0.00237EPSS

Vulnrichment•added 2026/05/08 3:11 a.m.•7 views

CVE-2026-42261 PromptHub: Authenticated SSRF via IPv6 filter bypass in `POST /api/skills/fetch-remote`

EUVD•added 2026/05/08 3:11 a.m.•5 views

EUVD-2026-28504

ATTACKERKB•added 2026/05/08 3:11 a.m.•6 views

CVE-2026-42261

Exploits1References3Affected Software1

CVE•added 2026/05/08 3:11 a.m.•10 views

CVE-2026-42261

PromptHub prior to v0.5.4 exposes an authenticated SSRF via POST /api/skills/fetch-remote in apps/web/src/routes/skills.ts. The endpoint fetches a user-supplied URL server-side and reflects the response (up to 5 MB) back to the caller. The isPrivateIPv6 check in apps/web/src/utils/remote-http.ts ...

Exploits1References2Affected Software1

Cvelist•added 2026/05/08 3:11 a.m.•30 views

CVE-2026-42261 PromptHub: Authenticated SSRF via IPv6 filter bypass in `POST /api/skills/fetch-remote`

7.1CVSS0.00237EPSS

CVE•added 2026/05/08 12:0 a.m.•3316 views

CVE-2022-26522

CVE-2022-26522 affects Avast/AVG Anti-Rootkit driver aswArPot.sys. The socket connection handler vulnerability enables local privilege escalation to kernel mode, with potential memory corruption/OS crash via double-fetch at aswArPot+0xc4a3. Avast’s mitigations include a fix released in version 22...

7.8CVSS7.8AI score0.00217EPSS

Positive Technologies•added 2026/05/08 12:0 a.m.•6 views

PT-2026-39224

Name of the Vulnerable Software and Affected Versions Linkwarden versions prior to 2.13.0 Description Insufficient URL validation in the fetchTitleAndHeaders function allows authenticated users to perform Server-Side Request Forgery SSRF, a flaw where the server is tricked into making requests to...

9.1CVSS5.9AI score0.00285EPSS

Exploits0References11

ATTACKERKB•added 2026/05/08 12:0 a.m.•4 views

CVE-2022-26522

7.8AI score0.00217EPSS

CVE•added 2026/05/08 12:0 a.m.•3289 views

CVE-2022-26523

The CVE-2022-26523 issue affects the Avast/AVG Anti‑Rootkit driver aswArPot.sys (Windows). It is a local, kernel‑mode vulnerability caused by a double fetch at aswArPot+0xbb94, enabling a user with limited privileges to run code at kernel level or trigger memory corruption/OS crash. Connected doc...

5.3CVSS7.8AI score0.0025EPSS

CNNVD•added 2026/05/08 12:0 a.m.•6 views

PromptHub 输入验证错误漏洞

PromptHub is an AI prompt and skill management tool developed by Legeling. In versions 0.4.9 to 0.5.4 of PromptHub, there was a vulnerability related to input validation errors. This vulnerability stemmed from the endpoint POST /api/skills/fetch-remote, which retrieves the URL provided by the use...

7.1CVSS5.8AI score0.00237EPSS

Exploits1References1

Cvelist•added 2026/05/08 12:0 a.m.•26 views

CVE-2022-26522

0.00217EPSS