CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

61 matches found

Snyk•added 2026/05/24 8:47 p.m.•6 views

XML External Entity (XXE) Injection

Overview tpwd/kesearch is a search extension for TYPO3, including faceting search functions. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the additionaltables configuration of the page and ttcontent indexers that accept arbitrary table and field names....

5.9CVSS6AI score0.00051EPSS

Exploits0References2

CVE•added 2026/05/19 9:24 a.m.•7 views

CVE-2026-46724

CVE-2026-46724 affects the Typo3 extension Faceted Search (ke_search). The file indexer does not normalize the configured directory path, allowing a backend user with permission to edit indexer configurations to index documents from arbitrary server file-system locations via path traversal. CVSS ...

5.9CVSS5.9AI score0.00056EPSS

Exploits0References1

Friends Of PHP•added 2026/05/18 2:30 p.m.•5 views

TYPO3-EXT-SA-2026-011: Path Traversal in extension "Faceted Search" (ke_search)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-011...

5.9CVSS5.8AI score0.00051EPSS

Exploits0Affected Software1

Friends Of PHP•added 2026/05/18 2:30 p.m.•5 views

TYPO3-EXT-SA-2026-011: XML External Entity Injection in extension "Faceted Search" (ke_search)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-011...

5.9CVSS5.8AI score0.00054EPSS

Exploits0Affected Software1

Vulnrichment•added 2026/05/01 3:59 p.m.•1 views

CVE-2026-22166 GPU DDK - Write UAF in KEGLGetPoolBuffers, WebGL reachable

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the...

5.8AI score0.00018EPSS

Exploits0References1

Tenable Nessus•added 2026/03/05 12:0 a.m.•2 views

Wireshark 4.6.x < 4.6.4 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 4.6.4. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.6.4 advisory. - RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of...

7.8CVSS5.9AI score0.00042EPSS

Exploits5References30

Tenable Nessus•added 2026/03/01 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2026-3202

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service CVE-2026-3202 Note that Nessus relies on the presence of the package as...

7.5CVSS5.8AI score0.00021EPSS

Exploits0References2