CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 5 hours ago•4 views

CVE-2026-7774

The CVE-2026-7774 entry concerns tarfile.data_filter in Python's tarfile handling. Crafted link entries, including symlinks with empty or directory-like names, can bypass checks to cause tarfile.extractall() to write files outside the intended extraction directory, limited by the extractor's perm...

6.9CVSS5.8AI score

RedHat Linux•added 5 hours ago•5 views

Important: Red Hat Security Advisory: Multicluster Global Hub 1.6.2 security update

Multicluster Global Hub v1.6.2 general availability release images, which provide security fixes, bug fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

9.1CVSS6.9AI score0.00255EPSS

Exploits4References36

OSV•added 7 hours ago•2 views

RLSA-2026:21676 Important: cockpit security update

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: Cockpit: Arbitrary command execution via crafted links in...

8CVSS6AI score0.00275EPSS

Rockylinux•added 7 hours ago•2 views

cockpit security update

An update is available for cockpit. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Cockpit enables users to administer GNU/Linux servers using a web browser. I...

8CVSS7.2AI score0.00275EPSS

Exploits0

Vulnrichment•added 9 hours ago•3 views

CVE-2026-50226 Firmware Theft & IMEI Spoofing via Connect-OTA

Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links...

6.9CVSS5.9AI score

Exploits0References1

CVE•added 9 hours ago•8 views

CVE-2026-50226

CVE-2026-50226 affects the AcerConnect OTA application. The issue arises from fixed AES-128-CBC keys inside the app, allowing attackers to forge authorization credentials for arbitrary IMEI numbers. This enables unauthorized actors to list catalog items and extract protected binaries from pre-sig...

6.9CVSS5.9AI score

Exploits0References1

EUVD•added 9 hours ago•2 views

EUVD-2026-34231

6.9CVSS5.9AI score

Exploits0References1

Circl•added 15 hours ago•2 views

CVE-2026-49185

creationtimestamp| type| source ---|---|--- 2026-06-04 04:30:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116689956169057665 2026-06-04 04:30:29+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mngs2jmfpk2q 2026-06-04 06:54:06+00:00| seen|...

10CVSS5.8AI score

Nuclei•added 15 hours ago•5 views

LolLMS < 2.2.0 - Server-Side Request Forgery

A Server-Side Request Forgery SSRF vulnerability exists in parisneo/lollms versions prior to 2.2.0. The /api/files/export-content endpoint processes Markdown image URLs by downloading them via downloadimagetotemp in backend/routers/files.py without any validation, allowing an unauthenticated...

7.5CVSS7.5AI score0.02629EPSS

Exploits1References3

Circl•added 16 hours ago•2 views

CVE-2026-41860

creationtimestamp| type| source ---|---|--- 2026-06-04 03:20:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mngo5dkpkj2f 2026-06-04 04:00:33+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mngqeycd7q2k 2026-06-04 09:07:08+00:00| seen|...

8.8CVSS5.8AI score

Circl•added 16 hours ago•1 views

CVE-2026-41011

creationtimestamp| type| source ---|---|--- 2026-06-04 03:00:27+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mngmzjmk3y2q 2026-06-04 03:00:36+00:00| seen| https://infosec.exchange/users/offseq/statuses/116689602129166209 2026-06-04 03:19:28+00:00| seen|...

8.7CVSS5.8AI score

Exploits0References5

NVD•added 17 hours ago•4 views

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

7.5CVSS

Vulnrichment•added 18 hours ago•2 views

CVE-2026-10737 SP Project & Document Manager <= 4.71 - Missing Authorization to Unauthenticated Arbitrary File Information Disclosure via view_file() Function

ATTACKERKB•added 18 hours ago•2 views

CVE-2026-10737

CVE•added 18 hours ago•8 views

Exploits0References5

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is affected up to version 4.71 by an access control flaw in view_file that allows unauthenticated attackers to read file metadata and obtain download links for files stored in project folders. The authorization gate uses a negated nonce check...

EUVD•added 18 hours ago•3 views

EUVD-2026-34190

Circl•added 18 hours ago•1 views

CVE-2026-8722

creationtimestamp| type| source ---|---|--- 2026-06-04 01:06:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnggo4dgrl23 2026-06-04 01:20:24+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mnghgns3a62j...

5.8AI score

Circl•added 18 hours ago•1 views

GHSA-49RJ-9FVP-4H2H

creationtimestamp| type| source ---|---|--- 2026-06-04 00:40:58+00:00| seen| https://gist.github.com/alon710/6d419a56b43f4ac63f23facb23062d82 2026-06-04 00:50:54+00:00| seen| https://gist.github.com/alon710/cecab85d181ca5255e1b29e5e5dd0f30...

5.8AI score

Circl•added 18 hours ago•2 views

CVE-2026-22054

creationtimestamp| type| source ---|---|--- 2026-06-04 00:40:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mngf6vd4652m 2026-06-04 13:20:25+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnhpo4vr3n2o...

5.3CVSS5.8AI score