354 matches found

NVD
•added 2026/06/10 10:16 p.m.•9 views

CVE-2026-42462

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its...

7 CVSS • 0.00171 EPSS
Exploits 0 • References 2
Positive Technologies
•added 2026/06/10 12:00 a.m.•11 views

PT-2026-48523

Name of the Vulnerable Software and Affected Versions: FreeBSD (affected versions not specified). Description: A privilege escalation flaw exists in the Linuxulator, a compatibility layer that allows Linux binaries to run on FreeBSD. A logic bug related to AT_SECURE occurs during setuid execution...

5.5 AI score
Exploits 1 • References 2
FreeBSD Advisory
•added 2026/06/09 12:00 a.m.•6 views

FreeBSD-SA-26:30.linux

FreeBSD-SA-26:30.linux Security Advisory, The FreeBSD Project. Topic: Flaw in Linuxulator execution of setugid binaries. Category: core. Module: linux. Announced: 2026-06-09...

6 AI score
Exploits 1
RedhatCVE
•added 2026/06/05 7:24 p.m.•8 views

CVE-2026-8938

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3 CVSS • 5.4 AI score • 0.0014 EPSS
Exploits 0 • References 1
Positive Technologies
•added 2026/06/05 12:00 a.m.•13 views

PT-2026-47061

Excited to share my research was accepted at @BlackHatEvents USA 2026! 🎩 I'll present how I achieved interactive access to users' AI assistants by chaining: 🔓 Prompt injection 🔓 Privilege escalation 🔓 Path traversal 🔓 .toml injection 🔓 and finally an LD_PRELOAD exploit The impact: 🚨 CVE-2026-3219...

8.8 CVSS • 5.6 AI score • 0.00336 EPSS
Exploits 0 • References 3
GithubExploit
•added 2026/06/02 11:17 p.m.•78 views

Linux-privesc-PoC

Linux Privilege Escalation PoC Lab Educational disclaimer...

5.8 AI score
Exploits 0
NVD
•added 2026/06/01 1:16 p.m.•18 views

CVE-2026-9308

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was...

5.4 CVSS • 0.00157 EPSS
Exploits 0 • References 2
NVD
•added 2026/06/01 1:16 p.m.•25 views

CVE-2026-9309

Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...

5.4 CVSS • 0.00157 EPSS
Exploits 0 • References 2
CVE
•added 2026/06/01 11:24 a.m.•15 views

CVE-2026-9309

CVE-2026-9309 affects Firefox for iOS Reader View. The issue is improper escaping of HTML tags in JSON-LD metadata, enabling a malicious page to inject markup that leaks sensitive URL parameters and could lead to arbitrary JavaScript execution in an internal origin. Impact is described as access ...

5.4 CVSS • 6 AI score • 0.00157 EPSS
Exploits 0 • References 2 • Affected Software 1
EUVD
•added 2026/06/01 11:24 a.m.•10 views

EUVD-2026-33630

Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...

5.4 CVSS • 6 AI score • 0.00157 EPSS
Exploits 0 • References 2
AlpineLinux
•added 2026/06/01 11:24 a.m.•9 views

CVE-2026-9309

Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...

5.4 CVSS • 6 AI score • 0.00157 EPSS
Exploits 0 • References 2
Cvelist
•added 2026/06/01 11:24 a.m.•31 views

CVE-2026-9309 Arbitrary JavaScript execution in internal pages via Reader View JSON-LD injection

Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...

0.00157 EPSS
Exploits 0 • References 2
Vulnrichment
•added 2026/06/01 11:24 a.m.•9 views

CVE-2026-9308 Arbitrary JavaScript execution in Reader View due to wrong HTML replacement order

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was...

5.9 AI score • 0.00157 EPSS
Exploits 0 • References 2
ATTACKERKB
•added 2026/06/01 11:24 a.m.•8 views

CVE-2026-9308

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was...

5.4 CVSS • 5.9 AI score • 0.00157 EPSS
Exploits 0 • References 3
Positive Technologies
•added 2026/06/01 12:00 a.m.•14 views

PT-2026-45411

Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...

5.4 CVSS • 6 AI score • 0.00157 EPSS
Exploits 0 • References 3
CNNVD
•added 2026/06/01 12:00 a.m.•10 views

Mozilla Firefox for iOS security vulnerability

Mozilla Firefox for iOS is a web browser designed for iOS devices by the Mozilla Foundation in the United States. Versions of Mozilla Firefox for iOS prior to 151.2 contained a security vulnerability. This vulnerability stemmed from Reader View replacing the page content in the HTML template befo...

5.4 CVSS • 5.5 AI score • 0.00157 EPSS
Exploits 0 • References 2
NVD
•added 2026/05/27 7:16 a.m.•13 views

CVE-2026-8938

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3 CVSS • 0.0014 EPSS
Exploits 0 • References 3
CNNVD
•added 2026/05/27 12:00 a.m.•9 views

WordPress plugin auto making JSON-LD cross-site request forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3 CVSS • 5.7 AI score • 0.0014 EPSS
Exploits 0 • References 3
Snyk
•added 2026/05/26 11:38 p.m.•10 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview: @fedify/fedify is an ActivityPub server framework. Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize through manipulation of JSON-LD document structure using keywords such as @graph, @included, and @reverse. An attacker can alter...

8.3 CVSS • 5.9 AI score • 0.00171 EPSS
Exploits 0 • References 2
Patchstack
•added 2026/05/26 5:23 p.m.•6 views

WordPress auto making JSON-LD plugin <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings vulnerability

Cross-Site Request Forgery to Plugin Certification Settings vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin auto making JSON-LD versions <= 4.5.3...

4.3 CVSS • 5.8 AI score • 0.0014 EPSS
Exploits 0 • References 1 • Affected Software 1