CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

72581 matches found

Vulnrichment•added 2026/05/14 7:52 p.m.•6 views

CVE-2026-8527

Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

6.2AI score0.00291EPSS

Exploits0References2

Cvelist•added 2026/05/14 7:52 p.m.•31 views

CVE-2026-8516

Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity:...

0.00219EPSS

Exploits0References2

CVE•added 2026/05/14 7:52 p.m.•20 views

CVE-2026-8516

CVE-2026-8516 affects Google Chrome (pre-148.0.7778.168) where insufficient validation of untrusted input in DataTransfer could allow a remote attacker to obtain potentially sensitive information from process memory. The attack requires convincing a user to perform specific UI gestures via a craf...

5.3CVSS5.8AI score0.00219EPSS

Exploits0References2Affected Software1

Patchstack•added 2026/05/14 6:27 p.m.•8 views

NPM: Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation

NPM: Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation vulnerability discovered by ? in WordPress Npm apostrophe versions = 4.29.0...

5.8AI score0.0025EPSS

Exploits0References2Affected Software1

Snyk•added 2026/05/14 4:37 p.m.•3 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' through an upstream type-confusion bug in seroval package. An attacker can trigger unintended execution of a different client-referenced server function by sending a specially...

6.3CVSS5.9AI score

Exploits0References3

Github Security Blog•added 2026/05/14 4:19 p.m.•9 views

FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Dataset entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/dataset/index.ts Root cause: The Dataset controller/service constructs a new...

8.8CVSS6AI score0.00335EPSS

Exploits0References6Affected Software1

Snyk•added 2026/05/14 2:57 p.m.•10 views

Incomplete List of Disallowed Inputs

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs inadequate input validation in the validateCommandFlags and validateArgsForLocalFileAccess functions. An attacker can execute arbitrary commands on the...

8.8CVSS6.1AI score

Exploits0References2

Snyk•added 2026/05/14 2:57 p.m.•10 views

Incomplete List of Disallowed Inputs

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs inadequate input validation in the validateCommandFlags and validateArgsForLocalFileAccess functions. An attacker can execute arbitrary commands on the server by bypassi...

8.8CVSS6.1AI score

Exploits0References2

OSV•added 2026/05/14 11:56 a.m.•8 views

BIT-TOMCAT-2026-41293 Apache Tomcat: HTTP/2 request headers not validated

Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.21, from 10.1.0 through 10.1.54, from 9.0.0 through 9.0.117, from 10.0.0 through 10.0.27. Older, end of support versions may also be affected. Users are recommended to upgrade to...

9.8CVSS5.7AI score0.00996EPSS

Exploits0References3

RedhatCVE•added 2026/05/14 8:21 a.m.•7 views

CVE-2026-21019

Improper input validation in FacAtFunction in Galaxy Watch prior to SMR May-2026 Release 1 allows local attacker to execute arbitrary code with system privilege...

8.6CVSS6.2AI score0.00156EPSS

Exploits0References1

NVD•added 2026/05/14 6:16 a.m.•22 views

CVE-2026-8280

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to cause denial of service through excessive memory consumption due to improper input validation...

6.5CVSS0.00295EPSS

Exploits0References3

NVD•added 2026/05/14 6:16 a.m.•11 views

CVE-2026-1659

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted requests due to insufficient input validation...

7.5CVSS0.00355EPSS

Exploits0References3

NVD•added 2026/05/14 6:16 a.m.•7 views

CVE-2025-14870

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted JSON payloads due to insufficient input validation...

7.5CVSS0.00339EPSS

Exploits0References3