CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/04 10:30 p.m.•1 views

CVE-2026-7782

A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be performed from...

6.5CVSS5.5AI score0.00043EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/05/04 10:30 p.m.•31 views

CVE-2026-7782 CodeCanyon Perfex CRM Tenant Clients.php project authorization

6.5CVSS0.00043EPSS

Exploits0References4

Vulnrichment•added 2026/05/04 10:30 p.m.•3 views

CVE-2026-7782 CodeCanyon Perfex CRM Tenant Clients.php project authorization

6.5CVSS6.3AI score0.00043EPSS

Exploits0References4

ATTACKERKB•added 2026/05/04 10:15 p.m.•1 views

CVE-2026-7781

5.3CVSS5.4AI score0.0005EPSS

Github Security Blog•added 2026/05/04 10:1 p.m.•2 views

net-imap vulnerable to STARTTLS stripping via invalid response timing

Summary A man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. Details When using Net::IMAPstarttls to upgrade a plaintext connection to use TLS, a man-in-the-middle attacker can inject a tagged OK response with an easily predictable tag. By sendi...

7.6CVSS5.9AI score0.00016EPSS

Exploits0References14Affected Software1

NVD•added 2026/05/04 9:16 p.m.•7 views

CVE-2026-7779

A security flaw has been discovered in Open5GS up to 2.7.7. Affected is the function udmnudrdrhandlesubscriptionauthentication of the file /src/udm/nudr-handler.c of the component authentication-subscription Endpoint. Performing a manipulation results in denial of service. Remote exploitation of...

5.3CVSS0.00122EPSS

Vulnrichment•added 2026/05/04 8:30 p.m.•2 views

CVE-2026-7779 Open5GS authentication-subscription Endpoint nudr-handler.c udm_nudr_dr_handle_subscription_authentication denial of service

5.3CVSS5.4AI score0.00122EPSS

Cvelist•added 2026/05/04 8:30 p.m.•27 views

CVE-2026-7779 Open5GS authentication-subscription Endpoint nudr-handler.c udm_nudr_dr_handle_subscription_authentication denial of service

5.3CVSS0.00122EPSS

CVE•added 2026/05/04 8:30 p.m.•5 views

CVE-2026-7779

Open5GS up to 2.7.7 is affected by a vulnerability in udm_nudr_dr_handle_subscription_authentication (file /src/udm/nudr-handler.c) within the authentication-subscription Endpoint. Manipulation of this function can cause a denial of service; remote exploitation is possible and an exploit has been...

5.3CVSS5.4AI score0.00122EPSS

EUVD•added 2026/05/04 8:30 p.m.•0 views

EUVD-2026-27143

5.3CVSS5.4AI score0.00122EPSS

5.1CVSS4.3AI score0.00034EPSS

CVE-2026-7677

A vulnerability was determined in kerwincui FastBee up to 1.2.1. The impacted element is the function Add of the file springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysNoticeController.java of the component System Notice Handler. This manipulation of the argument...

5.5CVSS5.7AI score0.00047EPSS

CVE-2026-7631

A vulnerability was found in code-projects Online Hospital Management System 1.0. The impacted element is an unknown function of the component Registration Handler. The manipulation of the argument Username results in improper authorization. The attack can be executed remotely. The exploit has be...

6.5CVSS6.3AI score0.00053EPSS

CVE-2026-7508

A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. Remote exploitation of the attack is possible...

RedhatCVE•added 2026/05/04 8:21 p.m.•2 views

CVE-2026-7586

A weakness has been identified in Open5GS up to 2.7.7. Affected is the function ogsidgetvalue of the file /src/amf/nudm-handler.c of the component AMF. This manipulation causes denial of service. Remote exploitation of the attack is possible. The exploit has been made available to the public and...

5.3CVSS5.4AI score0.0005EPSS

RedhatCVE•added 2026/05/04 8:21 p.m.•5 views

CVE-2026-7601

A vulnerability has been found in Open5GS up to 2.7.6. Affected is an unknown function of the file src/amf/gmm-handler.c of the component AMF. The manipulation of the argument regtype leads to denial of service. The attack is possible to be carried out remotely. Upgrading to version 2.7.7 is able...

5.3CVSS5.4AI score0.00024EPSS

8.1CVSS5AI score0.00034EPSS

CVE-2026-7611

A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platformdoupgradecameodev of the file cameodev.sh of the component Firmware Update Handler. Performing a manipulation results in insufficient verification of data authenticity. The attack is possible to be...

Exploits1References1

8.1CVSS5.4AI score0.00034EPSS

CVE-2026-7606

A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function findhwid/newguiupdatefirmware of the component Firmware Update Handler. Executing a manipulation of the argument dest can lead to insufficient verification of data authenticity. The attack can be launch...

Exploits1References1

RedhatCVE•added 2026/05/04 8:21 p.m.•2 views

CVE-2026-7647

The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybeunserialize function on the attacker-controlled 'args' POST parameter within the wppbrequestuserspinsactioncallback AJAX handler, whi...

8.1CVSS5.9AI score0.00019EPSS