CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

creationtimestamp| type| source ---|---|--- 2026-05-20 02:32:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmauimk56x2v 2026-06-03 11:01:11+00:00| seen| https://bsky.app/profile/keiwork35.bsky.social/post/3mnexgahs4r2j...

9.8CVSS4.9AI score0.00369EPSS

Exploits0References2

NVD•added 2026/05/20 2:16 a.m.•12 views

CVE-2026-8626

The SponsorMe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Parameter in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS0.00266EPSS

Exploits0References3

ATTACKERKB•added 2026/05/20 1:25 a.m.•10 views

CVE-2026-8626

6.1CVSS6AI score0.00266EPSS

Exploits0References4

EUVD•added 2026/05/20 1:25 a.m.•8 views

EUVD-2026-31024

6.1CVSS6AI score0.00266EPSS

Exploits0References3

Positive Technologies•added 2026/05/20 12:0 a.m.•7 views

PT-2026-42196

Cross-Site Request Forgery CSRF vulnerability in InfoScale v.9.1.3 Operations Manager VIOM allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge...

5.8AI score0.00198EPSS

Exploits0References3

Positive Technologies•added 2026/05/20 12:0 a.m.•6 views

PT-2026-42370

monetr: Server-side request forgery in Lunch Flow link creation and refresh in github.com/monetr/monetr...

8.3CVSS5.8AI score0.00331EPSS

Exploits0References6

Cvelist•added 2026/05/20 12:0 a.m.•42 views

CVE-2026-44925

0.00198EPSS

Exploits0References2

CVE•added 2026/05/20 12:0 a.m.•9 views

CVE-2026-44925

CVE-2026-44925 describes a Cross-Site Request Forgery (CSRF) in InfoScale v.9.1.3 Operations Manager (VIOM). The vulnerability arises from an ability for an attacker to coerce an active VIOM session user into clicking a crafted HTML link, resulting in unintended modifications within the VIOM web ...

8.8CVSS5.8AI score0.00198EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/05/20 12:0 a.m.•8 views

PT-2026-42159

Improper link resolution before file access 'link following' in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00395EPSS

Exploits0References2

CNNVD•added 2026/05/20 12:0 a.m.•10 views

Microsoft Defender 后置链接漏洞

Microsoft Defender is a threat protection software developed by the American company Microsoft. Microsoft Defender has a postback link vulnerability, which stems from improper link resolution before file access. This vulnerability could allow authorized attackers to gain local privileges...

7.8CVSS6AI score0.01172EPSS

Exploits2References1

CNNVD•added 2026/05/20 12:0 a.m.•4 views

Rsync 后置链接漏洞

Rsync is a fast and versatile file copying tool developed by RsyncProject. It is used for both remote and local files. Versions of Rsync 3.4.2 and earlier have a post-release vulnerability due to a symbolic link race condition in the path system call. Local attackers can redirect operations to...

7.2CVSS5.8AI score0.00141EPSS

Exploits0References2

Tenable Nessus•added 2026/05/20 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-43335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icclinknodes The change to dynam...

5.5CVSS5.7AI score0.00107EPSS

Exploits0References2