72528 matches found

Cvelist
added 2026/05/22 12:43 a.m. | 45 views

CVE-2026-34910

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection...

CVSS 10 | EPSS 0.04509
Exploits: 1 | References: 1
CNNVD
added 2026/05/22 12:0 a.m. | 7 views

Mattermost Security Vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in versions of Mattermost 11.6.0 and earlier 11.6.x series, as well as versions prior to 11.5.3 11.5.x series, 11.4.4 and earlier 11.4.x series, and 10.11.14 and earlier 10.11.x...

CVSS 4.3 | AI score 5.8 | EPSS 0.00328
Exploits: 0 | References: 1
CNNVD
added 2026/05/22 12:0 a.m. | 9 views

Ubiquiti UniFi OS Server Security Vulnerability

The Ubiquiti UniFi OS Server is a server platform developed by the Ubiquiti company, designed for managing UniFi networks and security devices. The Ubiquiti UniFi OS Server has a security vulnerability, which stems from improper input validation. This vulnerability could allow malicious actors wi...

CVSS 9.1 | AI score 5.9 | EPSS 0.01107
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/22 12:0 a.m. | 7 views

PT-2026-42748

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint. Mattermost Advisory ID:...

CVSS 4.3 | AI score 5.8 | EPSS 0.00328
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/22 12:0 a.m. | 8 views

PT-2026-42816

Name of the Vulnerable Software and Affected Versions Kiro CLI versions prior to 1.28.0 Description Missing input source validation in the tool authorization prompt allows a local attacker to execute arbitrary tools, including shell commands, without user approval. This is achieved by crafting...

CVSS 8.4 | AI score 5.8 | EPSS 0.00152
Exploits: 0 | References: 8
CNNVD
added 2026/05/22 12:0 a.m. | 4 views

Devise Input Validation Error Vulnerability

Devise is an open-source authentication solution based on Warden, developed by heartcombo. Versions of Devise prior to 5.0.3 contained a vulnerability related to input validation. This vulnerability stemmed from the FailureAppredirecturl method returning an unvalidated HTTP Referer header, which...

CVSS 6.1 | AI score 5.8 | EPSS 0.00318
Exploits: 0 | References: 2
CNNVD
added 2026/05/22 12:0 a.m. | 5 views

Microsoft Azure Stack HCI Input Validation Error Vulnerability

Microsoft Azure Stack HCI is a hybrid product developed by Microsoft Corporation. It can host Windows and Linux VMs or containerized workloads along with their storage. There is an input validation vulnerability in Microsoft Azure Stack HCI, which stems from improper input validation. This...

CVSS 7.7 | AI score 5.8 | EPSS 0.00772
Exploits: 0 | References: 1
CNNVD
added 2026/05/22 12:0 a.m. | 7 views

Devolutions Server Security Vulnerability

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server from 2026.1.6.0 to 2026.1.16.0, as well as versions prior to 2025.3.20.0, have security...

CVSS 5 | AI score 5.9 | EPSS 0.00169
Exploits: 0 | References: 1
CNNVD
added 2026/05/22 12:0 a.m. | 7 views

shell-quote Security Vulnerability

Shell-quote is a software package developed by Jordan Harband. It is used for parsing and quoting shell commands. Shell-quote has a security vulnerability. This vulnerability stems from the quote function not verifying the object token input and the operator model used in parse. As a result, line...

CVSS 9.2 | AI score 5.7 | EPSS 0.00552
Exploits: 1 | References: 5
CNNVD
added 2026/05/22 12:0 a.m. | 8 views

Microsoft Azure Virtual Network Gateway Input Validation Error Vulnerability

Microsoft Azure Virtual Network Gateway is a cloud gateway service provided by Microsoft that supports VPN and cross-network connectivity. There is an input validation vulnerability in Microsoft Azure Virtual Network Gateway, which stems from improper input validation. This vulnerability may allo...

CVSS 9.9 | AI score 6 | EPSS 0.00724
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/22 12:0 a.m. | 10 views

PT-2026-42840

Name of the Vulnerable Software and Affected Versions Azure Compute Gallery affected versions not specified Description Improper input validation allows an authorized attacker to disclose information over a network. Recommendations At the moment, there is no information about a newer version that...

CVSS 7.7 | AI score 5.8 | EPSS 0.00772
Exploits: 0 | References: 5
CNNVD
added 2026/05/22 12:0 a.m. | 8 views

Amazon Web Services Kiro CLI Security Vulnerability

Amazon Web Services Kiro CLI is a command-line intelligent programming tool provided by Amazon, which supports AI agents, MCP integration, and terminal automation. Versions of the Amazon Web Services Kiro CLI prior to 1.28.0 contained security vulnerabilities. These vulnerabilities stemmed from...

CVSS 8.4 | AI score 6 | EPSS 0.00152
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/22 12:0 a.m. | 10 views

PT-2026-42791

Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a crafted login link. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions...

AI score 5.8 | EPSS 0.00169
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/22 12:0 a.m. | 9 views

PT-2026-42656

Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description A malicious actor with network access and high privileges can exploit improper input validation to perform command injection. Command injection is a flaw that allows an attacker to execute...

CVSS 9.1 | AI score 6.1 | EPSS 0.01107
Exploits: 0 | References: 9
CNNVD
added 2026/05/22 12:0 a.m. | 9 views

Dell PowerFlex Manager Input Validation Error Vulnerability

Dell PowerFlex Manager is a product of the American company Dell. Versions of Dell PowerFlex Manager prior to 4.6.2 contained a vulnerability related to input validation. This vulnerability stemmed from open redirection, allowing unauthenticated attackers to redirect target application users to...

CVSS 8.2 | AI score 5.9 | EPSS 0.00173
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/22 12:0 a.m. | 13 views

PT-2026-42843

Name of the Vulnerable Software and Affected Versions Azure Virtual Network Gateway affected versions not specified Description Improper input validation allows an authorized attacker to execute code over a network. Recommendations At the moment, there is no information about a newer version that...

CVSS 9.9 | AI score 6 | EPSS 0.00724
Exploits: 0 | References: 5
CNNVD
added 2026/05/22 12:0 a.m. | 7 views

Ubiquiti UniFi OS Server Security Vulnerability

The Ubiquiti UniFi OS Server is a server platform developed by the Ubiquiti company, designed for managing UniFi networks and security devices. The Ubiquiti UniFi OS Server has a security vulnerability, which stems from improper input validation. This vulnerability could allow malicious actors wi...

CVSS 10 | AI score 5.9 | EPSS 0.04509
Exploits: 1 | References: 2
OSV
added 2026/05/21 8:20 p.m. | 7 views

GHSA-C5FP-P67M-GQ56 Snappy : SSRF and local file read via the xsl-style-sheet option

Impact It impacts applications where: - the PHP daemon runs with root permissions; - the application is either running outside a container or has sensitive file access; It could happen with this kind of workflow: php $stylesheet = $_GET['stylesheet']; // = 'file:///etc/passwd' $pdf = new...

CVSS 6.9 | AI score 5.8 | EPSS 0.00249
Exploits: 0 | References: 4
GitHub Security Blog
added 2026/05/21 8:17 p.m. | 9 views

Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables

Summary Before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command... after a strings.Fields split, with no validation of the executable path or its arguments. A user who could create or update Environment CRDs in a namespace...

CVSS 6.9 | AI score 6.2 | EPSS 0.00364
Exploits: 0 | References: 5 | Affected Software: 1
IBM Security Bulletins
added 2026/05/21 3:2 p.m. | 7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Input Validation in ONNX [CVE-2026-34445, CVE-2026-34446, CVE-2026-34447]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Input Validation in ONNX due to an issue with the ExternalDataInfo class in ONNX using Python's setattr function to load metadata like file paths or data lengths directly from an ONNX model file, which fails to properly...

CVSS 8.6 | AI score 5.8 | EPSS 0.00288
Exploits: 1 | Affected Software: 1