CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1773 matches found

EpiServer Find <13.2.7 - Open Redirect

EpiServer Find before 13.2.7 contains an open redirect vulnerability via the tredirect parameter in a crafted URL, such as a /findv2/click URL. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id:...

6.1CVSS6.3AI score0.0474EPSS

Exploits1References5

NVD•added yesterday•6 views

CVE-2026-54313

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing...

6.5CVSS0.00038EPSS

Exploits0References1

CVE•added yesterday•9 views

CVE-2026-54313

CVE-2026-54313 – n8n NoSQL injection in MongoDB node Find And Replace Affected: n8n (open source workflow automation). Before version 2.24.0, an authenticated user with workflow edit access could provide a malicious value for the MongoDB node’s Find And Replace operation. The value was not valida...

6.5CVSS5.8AI score0.00038EPSS

Exploits0References1

EUVD•added yesterday•4 views

EUVD-2026-38459

6.5CVSS5.8AI score0.00038EPSS

Exploits0References1

Cvelist•added yesterday•25 views

CVE-2026-54313 n8n: NoSQL Injection in MongoDB Node Find And Replace Operation

6.5CVSS0.00038EPSS

Exploits0References1

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA: hfi1: Fixed the possibility of a division-by-zero error in findhwthreadmask. The function divides the number of online CPUs by numcoresiblings, and then checks if the result is zero. This may lead to a division-by-zero...

5.5CVSS6.6AI score0.0016EPSS

Exploits0References2

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fixed null pointer dereferencing in pidfffindfields This function triggered a null pointer dereference if it was used to search for a report that wasn’t implemented on the device. This occurred both for optional and...

5.5CVSS6.1AI score0.00244EPSS

Exploits0References2

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed a use-after-free issue in ext4findextent when using bigalloc with inline data. Syzbot identified the following issue: - loop0: A change in capacity was detected, from 0 to 2048. - EXT4-fs loop0: The filesystem...

5.8AI score0.00207EPSS

Exploits0References2

AstraLinux•added 5 days ago•5 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed an issue where inode lists were leaked during backref walking in findparentnodes. During backref walking, when findparentnodes is called, if we are dealing with a data extent and an error occurs while resolving...

5.5CVSS6AI score0.00166EPSS

Exploits0References2

AstraLinux•added 5 days ago•2 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: KEYS: prevented NULL pointer dereference in findasymmetrickey. In findasymmetrickey, if all NULL values are passed as arguments to id0,1,2, the kernel will first emit a WARN message, but then there will be an oops because id2 wil...

5.5CVSS5.9AI score0.0022EPSS

Exploits0References2

CVE•added 2026/06/17 2:8 p.m.•11 views

CVE-2026-55743

OpenHuman desktop agent (before 0.54.0, fixed in 0.56.0) contains two policy flaws in src/openhuman/security/policy.rs that bypass the shell allowlist, enabling remote code execution via indirect prompt injection. First, is_args_safe() blocks -exec and -ok while not blocking -execdir/-okdir (whic...

9.6CVSS6.7AI score0.00704EPSS

Exploits0References3

RedHat Linux•added 2026/06/17 1:24 p.m.•5 views

kernel: geneve: Fix use-after-free in geneve_find_dev().

A use-after-free vulnerability exists in the Linux kernel. When devnet is dismantled, the geneveexitbatchrtnl function calls unregisternetdevicequeue for each device in the network namespace. Later, when the device is freed, it is still linked to the backend UDP socket in the network namespace...

7.8CVSS5.3AI score0.00224EPSS

Exploits0References5

Github Security Blog•added 2026/06/16 6:59 p.m.•9 views

n8n: NoSQL Injection in MongoDB Node Find And Replace Operation

Impact An authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing unintended documents to be matched and overwritten with...

6.5CVSS5.3AI score0.00038EPSS

Exploits0References2Affected Software1

Patchstack•added 2026/06/16 6:59 p.m.•4 views

NPM: n8n: NoSQL Injection in MongoDB Node Find And Replace Operation

NPM: n8n: NoSQL Injection in MongoDB Node Find And Replace Operation vulnerability discovered by ? in WordPress Npm n8n versions 2.24.0...

6.5CVSS5.9AI score0.00038EPSS

Exploits0References2Affected Software1

Nuclei•added 2026/06/16 7:13 a.m.•15 views

HTTP File Server <2.3c - Remote Command Execution

HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full...

10CVSS8.8AI score0.99323EPSS

Exploits23References5

EUVD•added 2026/06/16 6:49 a.m.•9 views

EUVD-2026-37040

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $POST'curselrevs' raw with no sanitization or type casting, then concatenatin...

8.8CVSS5.8AI score0.00259EPSS

Exploits0References2

Positive Technologies•added 2026/06/16 12:0 a.m.•11 views

PT-2026-50179

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.24.0 Description An authenticated user with workflow edit access can provide a malicious filter value within the MongoDB node's Find And Replace operation. Because the value is not validated before being used as a query...

7.7CVSS5.8AI score0.00038EPSS

Exploits0References4

NVD•added 2026/06/09 9:17 p.m.•10 views

CVE-2025-71319

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS0.00548EPSS

Exploits1References3

ATTACKERKB•added 2026/06/08 3:46 p.m.•4 views

CVE-2026-46299

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix held lock freed on hfsplusfillsuper hfsplusfillsuper calls hfsfindinit to initialize a search structure, which acquires tree-treelock. If the subsequent call to hfspluscatbuildkey fails, the function jumps to the...

7CVSS5.4AI score0.00113EPSS

Exploits0References9Affected Software1

Tenable Nessus•added 2026/06/08 12:0 a.m.•7 views

TencentOS Server 4: vim (TSSA-2026:0317)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0317 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

5.3CVSS6.1AI score0.00917EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by