CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

669 matches found

WordPress Generate Security.txt plugin <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Security.txt Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Security.txt Deletion vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Generate Security.txt versions = 1.0.12...

4.3CVSS5.8AI score

Exploits0References1Affected Software1

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The issue of a null pointer dereference error in generateencryptionkey has been fixed. If a client sends two session setups with KRB5 authentication to ksmbd, a null pointer dereference error in generateencryptionkey can...

5.5CVSS5.8AI score0.07142EPSS

Exploits0References2

CVE•added last week•17 views

CVE-2026-48768

TypeBot (versions ≤ 3.16.1) exposes an unauthenticated generate-upload-url API (/api/blocks/file-input/v3/generate-upload-url) that uses unsanitized fileName to derive public S3 keys and issues presigned PUT URLs that do not bind Content-Type. This allows anonymous users of a published bot with a...

9.3CVSS5.4AI score0.00268EPSS

Exploits0References2

Cvelist•added last week•22 views

CVE-2026-48768 TypeBot: Unauthenticated arbitrary s3 object write in generate-upload-url via unsanitized fileName

TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses unsanitized fileName input to construct public/ S3 object keys, while issuing presigned PUT URLs that do not bind Content-Type. As a result, any...

9.3CVSS0.00268EPSS

Exploits0References2

EUVD•added 2026/06/16 4:30 a.m.•10 views

EUVD-2026-37033

The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function lacking any authorization check before processing user-supplied POST data, combined with the...

8.8CVSS6.6AI score0.00607EPSS

Exploits0References7

Veracode•added 2026/06/15 2:21 p.m.•7 views

Path Traversal

tmp is vulnerable to Path Traversal. The vulnerability is due to insufficient validation in assertPath, which only checks string inputs for .. and can be bypassed using non-string values such as Arrays, Buffers, or objects. Attacker-controlled values supplied to prefix, postfix, or template can...

8.2CVSS5.3AI score0.00496EPSS

Exploits1References2Affected Software1

OSSF Malicious Packages•added 2026/06/11 12:34 a.m.•10 views

Malicious code in @common-stack/generate-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b54a3dc296ec3f6dbded973e24aa9794b498cc1e8305fc3d1f88a4fdff7335df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score

Exploits0References1

OSV•added 2026/06/08 12:0 a.m.•5 views

UBUNTU-CVE-2026-11329

A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generatehashkey of the file src/Runtime/python/torchonnxmlir/src/torchonnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack...

3.6CVSS4.5AI score0.00078EPSS

Exploits0References9

RedhatCVE•added 2026/06/05 7:50 p.m.•8 views

CVE-2026-7709

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generateauthtoken of the file cps/koboauth.py of the component Endpoint. Such manipulation of the argument userid leads to improper authorization. The attack may be launched remotely. The...

6.5CVSS6.2AI score0.00219EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:50 p.m.•5 views

CVE-2026-7596

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may ...

5.3CVSS3.6AI score0.00377EPSS

Exploits0References1

Vulnrichment•added 2026/06/05 12:15 p.m.•8 views

CVE-2026-11329 onnx onnx-mlir Placeholder Node Cache backend.py generate_hash_key weak hash

3.6CVSS4.5AI score0.00078EPSS

Exploits0References7

EUVD•added 2026/06/05 12:15 p.m.•10 views

EUVD-2026-34826

3.6CVSS4.5AI score0.00078EPSS

Exploits0References7

CVE•added 2026/06/05 12:15 p.m.•20 views

CVE-2026-11329

Technical details are not publicly available in the provided documents. Monitor for updates from official sources for affected products, versions, impact, and remediation.

3.6CVSS4.6AI score0.00078EPSS

Exploits0References7

CNNVD•added 2026/06/05 12:0 a.m.•5 views

ONNX-MLIR 安全漏洞

ONNX-MLIR is an open-source compiler tool developed by Open Neural Network Exchange that converts ONNX graphs into efficient code. Versions of ONNX-MLIR prior to 0.5.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of a weak hash function in the generatehashkey...

3.6CVSS4.9AI score0.00078EPSS

Exploits0References7

RedhatCVE•added 2026/06/02 10:2 p.m.•9 views

CVE-2026-49136

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generateimage function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete...

8.7CVSS5.9AI score0.00417EPSS

Exploits0References1