Lucene search

995 matches found

EUVD
added yesterday, 5 views

EUVD-2026-33986

React Router has stored XSS via unescaped Location header in prerendered redirect HTML...

5.4 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits: 0, References: 2

Positive Technologies
added 3 days ago, 5 views

PT-2026-45512

FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eq xapp ric gen id in src/ric/iApp/xapp ric id.c compares m0-xapp id against itself m0-xapp id instead of the other argument m1-xapp id, effectively ignoring the xApp identity dimension. ...

5.8 AI score, 0.0004 EPSS
Exploits: 1, References: 3

MariaDBUnix
added 5 days ago, 6 views

CVE-2026-48163

Disclaimer: This data contains information about vulnerable...

5.7 AI score
Exploits: 0

MariaDBUnix
added 5 days ago, 5 views

CVE-2026-48165

Disclaimer: This data contains information about vulnerable...

5.7 AI score
Exploits: 0

MariaDBUnix
added 2026/05/28 12:00 a.m., 10 views

CVE-2026-49261

Disclaimer: This data contains information about vulnerable...

5.7 AI score
Exploits: 0

Packet Storm News
added 2026/05/27 12:00 a.m., 5 views

MIRAGE: Context-Aware Prompt Injection against Mobile GUI Agents Via User-Generated Content

Mobile graphical user interface (GUI) agents driven by vision-language models (VLMs) perceive the screen as rendered pixels and choose actions from what they see, so they cannot reliably separate trusted interface elements from user-generated content. We present MIRAGE Mobile Injection of Realistic...

5.8 AI score
Exploits: 0

Redos
added 2026/05/24 12:00 a.m., 9 views

ROS-20260524-73-0034

A vulnerability in the vim text editor is related to the failure to take measures to neutralize special elements. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands provided the user opens a specially generated file...

9.2 CVSS, 6.5 AI score, 0.00014 EPSS
Exploits: 0

OSV
added 2026/05/22 1:29 p.m., 4 views

MAL-2026-4763 Malicious code in pulumi-vcd (PyPI)

Source: amazon-inspector 08bbc8be2cfa9a85473b0287e3c327b16c3f9e15886869bd9e2188a323448fd9 Package pulumivcd is published with metadata mimicking an official Pulumi SDK Homepage https://www.pulumi.com, tfgen-style auto-generated bindings bu...

6 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2026/05/20 12:00 a.m., 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021641)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021641 advisory. In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering iprtbug arp link failure may trigger iprtbug while xfrm...

5.5 CVSS, 6.3 AI score, 0.00016 EPSS
Exploits: 0, References: 3

Broadcom
added 2026/05/19 12:00 a.m., 8 views

Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection (CVE-2026-27641)

Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection (SSTI). Flask-Reuploaded has been patche...

9.8 CVSS, 6.5 AI score, 0.00226 EPSS
Exploits: 1

MariaDBUnix
added 2026/05/18 12:00 a.m., 6 views

CVE-2026-44170

Disclaimer: This data contains information about vulnerable...

5.7 AI score
Exploits: 0

MariaDBUnix
added 2026/05/18 12:00 a.m., 6 views

CVE-2026-44168

Disclaimer: This data contains information about vulnerable...

5.7 AI score
Exploits: 0

MariaDBUnix
added 2026/05/18 12:00 a.m., 9 views

CVE-2026-44173

Disclaimer: This data contains information about vulnerable...

5.7 AI score
Exploits: 0

MariaDBUnix
added 2026/05/18 12:00 a.m., 7 views

CVE-2026-44171

Disclaimer: This data contains information about vulnerable...

5.7 AI score
Exploits: 0

Packet Storm News
added 2026/05/18 12:00 a.m., 3 views

Explainable Machine Learning for Phishing Detection on Heterogeneous Datasets with MCP-Enabled Deployment

With the growth in digital transformation and Internet usage, the Social Engineering techniques such as Phishing have become a major concern for the users and the organizations. Phishing attacks involve deceptive techniques to trick users into revealing confidential information that causes...

5.8 AI score
Exploits: 0

MariaDBUnix
added 2026/05/18 12:00 a.m., 6 views

CVE-2026-44172

Disclaimer: This data contains information about vulnerable...

5.7 AI score
Exploits: 0

ATTACKERKB
added 2026/05/15 12:31 p.m., 6 views

CVE-2026-7182

Diagram's export module is vulnerable to Path Traversal in the src attribute due to a lack of HTML sanitization. An unauthenticated user could craft an HTML payload that includes local files from the server and displays them in the generated PDF. This issue was fixed in version 1.1.1...

9.2 CVSS, 5.8 AI score, 0.00153 EPSS
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2026/05/15 12:31 p.m., 10 views

CVE-2026-7182

The CVE concerns Diagram’s export module vulnerability to Path Traversal via the src attribute due to insufficient HTML sanitization. An unauthenticated attacker could craft HTML payloads that access local server files and cause them to be displayed in the generated PDF. The issue is mitigated by...

9.2 CVSS, 5.8 AI score, 0.00153 EPSS
Exploits: 0, References: 3

EUVD
added 2026/05/15 12:31 p.m., 6 views

EUVD-2026-30539

Diagram's export module is vulnerable to Path Traversal in the src attribute due to a lack of HTML sanitization. An unauthenticated user could craft an HTML payload that includes local files from the server and displays them in the generated PDF. This issue was fixed in version 1.1.1...

9.2 CVSS, 5.8 AI score, 0.00153 EPSS
Exploits: 0, References: 3

CNNVD
added 2026/05/15 12:00 a.m., 4 views

DHTMLX Gantt path traversal vulnerability

DHTMLX Gantt is a JavaScript Gantt chart component developed by DHTMLX Corporation. It supports project planning, task scheduling, and timeline visualization. Versions of DHTMLX Gantt prior to 0.7.6 contained a path traversal vulnerability. This vulnerability stemmed from a lack of HTML cleaning,...

9.2 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits: 0, References: 1