CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/06/04 12:0 a.m.•8 views

PT-2026-46149

The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages...

9.3CVSS5.8AI score0.00061EPSS

Exploits0References2

NVD•added 2026/05/28 9:16 a.m.•13 views

CVE-2026-7526

The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueueblockassets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key...

4.3CVSS0.00038EPSS

Exploits0References6

CNNVD•added 2026/05/27 12:0 a.m.•7 views

Budibase 信息泄露漏洞

Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.3 contained a vulnerability related to information leakage. This vulnerability...

7.7CVSS5.8AI score0.00034EPSS

Exploits0References2

CNNVD•added 2026/05/27 12:0 a.m.•5 views

Synology Surveillance Station 安全漏洞

Synology Surveillance Station is an application developed by Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. There are security vulnerabilities in versions of Synology Surveillance Station prior to 9.2.2.2-11575 and...

4.9CVSS5.8AI score0.00021EPSS

OSSF Malicious Packages•added 2026/05/26 9:10 a.m.•14 views

Malicious code in massive (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02d8dea3e47a2bd45fc796f33fc582956aec2be887add9672fd5eccc91c2135d Package self-describes as the 'Official Massive formerly Polygon.io REST and Websocket client,' a false rebrand claim — Polygon.io has not changed...

5.9AI score

EUVD•added 2026/05/25 9:19 a.m.•13 views

EUVD-2026-31661

This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including...

5.2CVSS5.8AI score0.00012EPSS

NVD•added 2026/05/21 6:16 p.m.•9 views

CVE-2026-48249

Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobilelogin.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests issued during the mobile RouteMate login flow. An attacker positioned on the...

NVD•added 2026/05/21 6:16 p.m.•9 views

CVE-2026-48247

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests for general-purpose outbound HTTPS requests issued by the shared helper functions. An...

NVD•added 2026/05/21 6:16 p.m.•6 views

CVE-2026-48246

Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests for Google Maps Directions API lookups during incident report generation. An attacker...

Cvelist•added 2026/05/21 5:11 p.m.•35 views

CVE-2026-48249 Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in rm/incs/mobile_login.inc.php

ATTACKERKB•added 2026/05/21 5:11 p.m.•6 views

CVE-2026-48249

Vulnrichment•added 2026/05/21 5:11 p.m.•8 views

Exploits0References4

CVE-2026-48247 Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/functions.inc.php

ATTACKERKB•added 2026/05/21 5:11 p.m.•6 views

CVE-2026-48247

OSV•added 2026/05/21 6:39 a.m.•2 views

Exploits0References4

MAL-2026-4696 Malicious code in turing-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01af0d34d23b6ed4e61390a21baec8c1bb81080c04945293a7e4ba8d20277ca6 package.json declares turing-code as an HTTPS tarball dependency at https://turing.tap365.org/v1.1.2/turing-code-1.1.2.tgz, bypassing the npm registr...

5.9AI score

OSSF Malicious Packages•added 2026/05/21 6:39 a.m.•8 views

Malicious code in turing-sdk (npm)

5.9AI score

Positive Technologies•added 2026/05/21 12:0 a.m.•6 views

PT-2026-42527

Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobile login.inc.php by setting CURLOPT SSL VERIFYPEER to false and not setting CURLOPT SSL VERIFYHOST when issuing outbound HTTPS requests for outbound HTTPS requests issued during the mobile RouteMate login flow. A...

CVE•added 2026/05/19 6:0 a.m.•13 views

Exploits0References4

CVE-2025-15609

The CVE-2025-15609 entry concerns the Fortis for WooCommerce WordPress plugin prior to version 1.3.1. The vulnerability allows unauthenticated attackers to leak sensitive API keys and query Fortis’ API, enabling retrieval of sensitive customer data (e.g., past orders and PII). The available sourc...

7.5CVSS5.8AI score0.00029EPSS

OSV•added 2026/05/19 12:0 a.m.•3 views

MAL-2026-4075 Malicious code in @antv/path-util (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score

Exploits0References5

CNNVD•added 2026/05/19 12:0 a.m.•6 views

WordPress plugin Fortis for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5CVSS5.8AI score0.00029EPSS