CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3578 matches found

WordPress Page Layout builder v1.9.3 - Cross-Site Scripting

WordPress plugin Page-layout-builder v1.9.3 contains a cross-site scripting vulnerability. id: CVE-2016-1000141 info: name: WordPress Page Layout builder v1.9.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress plugin Page-layout-builder v1.9.3 contains a cross-site...

6.1CVSS6.2AI score0.06584EPSS

Exploits2References4

NVD•added yesterday•7 views

CVE-2026-36602

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 discloses kernel memory layout via the UPnP GetStatusInfo action. An unauthenticated attacker on the adjacent network can obtain a raw MIPS KSEG0 kernel pointer, revealing kernel memory layout and aiding further exploitation...

Exploits0References1

Positive Technologies•added yesterday•7 views

PT-2026-45990

Mercusys AC12G EU V1 router with firmware AC12GEU V1 200909 discloses kernel memory layout via the UPnP GetStatusInfo action. An unauthenticated attacker on the adjacent network can obtain a raw MIPS KSEG0 kernel pointer, revealing kernel memory layout and aiding further exploitation...

5.8AI score

Exploits0References2

EUVD•added yesterday•4 views

EUVD-2026-34141

5.8AI score

Exploits0References1

CVE•added yesterday•6 views

CVE-2026-36602

CVE-2026-36602 concerns the Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909, where the UPnP GetStatusInfo action can disclose the kernel memory layout. An unauthenticated attacker on an adjacent network can obtain a raw MIPS KSEG0 kernel pointer, revealing kernel memory structure ...

5.8AI score

Exploits0References1

ATTACKERKB•added yesterday•3 views

CVE-2026-36602

5.8AI score

Exploits0References2

RedHat Linux•added 2 days ago•5 views

org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging

A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML outpu...

7.5CVSS5.8AI score0.00034EPSS

Exploits0References9

RedHat Linux•added 2 days ago•5 views

org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames

A flaw was found in Apache Log4j Core. This vulnerability allows for log injection through the use of Carriage Return Line Feed CRLF sequences. This occurs because security-related configuration attributes were silently renamed, impacting users who directly configure Rfc5424Layout with stream-bas...

7.5CVSS6.6AI score0.00034EPSS

Exploits0References9

RedHat Linux•added 2 days ago•5 views

org.apache.logging.log4j: Apache Log4j JsonTemplateLayout: Denial of Service via invalid JSON output

A flaw was found in Apache Log4j's JsonTemplateLayout. This vulnerability allows a remote attacker to disrupt log processing systems. By sending log events that include specific non-numeric floating-point values, the attacker can cause the JsonTemplateLayout to generate invalid JSON output. This...

7.5CVSS5.8AI score0.00055EPSS

Exploits0References9

OSV•added 3 days ago•6 views

BIT-NGINX-2026-9256 NGINX ngx_http_rewrite_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

9.2CVSS6.2AI score0.00237EPSS

Exploits3References3

Rosalinux•added 3 days ago•5 views

Advisory ROSA-SA-2026-3296

CVE-ID: CVE-2020-10809 BDU-ID: 2024-07119 CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in the Decompress function in the decompress.c file. This vulnerability is related to writing beyond the memory bounds. Exploitation of this vulnerability could allow an attacker to cause a service failure...

9.8CVSS6.5AI score0.00474EPSS

Exploits4

SUSE CVE•added 5 days ago•8 views

SUSE CVE-2026-48155

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0...

5.5CVSS5.8AI score0.00012EPSS

Exploits0References3

Snyk•added 2026/05/28 4:50 p.m.•5 views

Allocation of Resources Without Limits or Throttling

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the layout mode text extraction process when handling PDFs with large...

5.5CVSS5.8AI score0.00012EPSS

Exploits0References2

NVD•added 2026/05/28 4:16 p.m.•14 views

CVE-2026-48155

5.5CVSS0.00012EPSS

Exploits0References3

OSV•added 2026/05/28 4:16 p.m.•4 views

UBUNTU-CVE-2026-48155

5.5CVSS5.8AI score0.00012EPSS

Exploits0References5

CVE•added 2026/05/28 2:51 p.m.•11 views

CVE-2026-48155

The CVE concerns the pypdf Python PDF library. Before version 6.12.0, an attacker could craft a PDF that triggers large memory usage when extracting text in layout mode with very large character offsets. This memory impact is the stated vulnerability; mitigation is updating to 6.12.0 where the is...

5.5CVSS5.8AI score0.00012EPSS

Exploits0References3Affected Software1