CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 5 days ago•3 views

CVE-2026-54360 MISP sharing group creation mass assignment allows unauthorized takeover of existing sharing groups

8.4CVSS5.3AI score0.00226EPSS

SUSE CVE•added 5 days ago•5 views

SUSE CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

2.2CVSS5.3AI score0.00262EPSS

Positive Technologies•added 5 days ago•7 views

PT-2026-49007

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An authorization flaw exists in the object add/edit handling. An authenticated user with object editing permissions can assign a MISP object, or attributes within an object, to a sharing group...

5.3CVSS5.3AI score0.0022EPSS

Positive Technologies•added 5 days ago•6 views

PT-2026-48980

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0-latest through 2026.1.3 Discourse versions 2026.3.0-latest through 2026.3.0 Discourse versions 2026.4.0-latest through 2026.4.0 Description A flaw in the handling of replies to whisper posts allows authenticated use...

5.4CVSS5.2AI score0.00138EPSS

Exploits0References5

RedhatCVE•added 6 days ago•7 views

CVE-2026-50266

A flaw was found in OpenStack Neutron. A project manager can exploit this vulnerability by creating or updating a port on a shared network and setting the deviceowner to a specific value. This bypasses default access controls, allowing the project manager to obtain trusted network-service port...

6.6CVSS5.1AI score0.00262EPSS

Exploits0References8

Tenable Nessus•added 6 days ago•5 views

Devolutions Server < 2026.1.21.0 / 2026.2.4.0 < 2026.2.5.0 Multiple Vulnerabilities (DEVO-2026-0015)

The version of Devolutions Server installed on the remote host is prior to 2026.1.21.0 or 2026.2.4.0 prior to 2026.2.5.0. It is, therefore, affected by multiple vulnerabilities, including: - Improper neutralization of special elements in the built-in PAM provider password rotation templates in...

6.5CVSS6AI score0.00196EPSS

Exploits0References4

RedhatCVE•added last week•4 views

CVE-2026-11673

An use after free flaw was found in the InterestGroups component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=516902973...

8.8CVSS5.4AI score0.00234EPSS

Exploits0References5

The Hacker News•added last week•11 views

China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance

Cybersecurity researchers have warned of a "resurgence and expansion" of JDY , a covert network associated with China-nexus state-sponsored threat actors. "The JDY botnet comprises over 1,500 SOHO small office and home office and IoT devices and operates as a centrally controlled, high-performanc...

5.6AI score

Exploits0

RedhatCVE•added 2026/06/10 2:59 a.m.•6 views

CVE-2026-44750

SAP MDG Review Match Groups Application does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions that would otherwise be restricted, resulting in escalation of privileges. This has a low impact on integrity, while...

SUSE CVE•added 2026/06/10 2:31 a.m.•5 views

SUSE CVE-2026-11673

Use after free in InterestGroups in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00234EPSS

RedhatCVE•added 2026/06/09 8:59 p.m.•6 views

CVE-2026-10787

Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request. This issue affects : Devolutions Server 2026.2.4.0 Devolutions Server 2026.1.20.0 and earlier...

4.3CVSS5.5AI score0.00155EPSS

RedHat Linux•added 2026/06/09 11:19 a.m.•6 views

path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions

A flaw was found in path-to-regexp. A remote attacker could exploit this vulnerability by providing specially crafted input that generates a regular expression with multiple sequential optional groups. This leads to an exponential growth in the generated regular expression, causing a Denial of...

7.5CVSS6.1AI score0.00455EPSS

Exploits0References5

EUVD•added 2026/06/09 12:33 a.m.•6 views

EUVD-2026-35273

8.8CVSS6AI score0.00234EPSS

ATTACKERKB•added 2026/06/09 12:21 a.m.•7 views

CVE-2026-44750

Vulnrichment•added 2026/06/09 12:21 a.m.•5 views

CVE-2026-44750 Missing Authorization check in SAP MDG (Review Match Groups Application)

Cvelist•added 2026/06/09 12:21 a.m.•34 views

Exploits0References2

CVE-2026-44750 Missing Authorization check in SAP MDG (Review Match Groups Application)

4.3CVSS0.00161EPSS

Exploits0References2

CVE•added 2026/06/09 12:21 a.m.•19 views

CVE-2026-44750

CVE-2026-44750 affects SAP MDG (Review Match Groups Application) due to missing authorization checks for authenticated users, enabling a low-privileged user to perform restricted actions and escalate privileges. Impact is described as low integrity impact; confidentiality and availability are not...