CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/06/17 12:0 a.m.•11 views

PT-2026-50562

Name of the Vulnerable Software and Affected Versions github workflows affected versions not specified Description The github workflows module constructs local directory paths using repository names provided by the user without validating for symlinks. A local attacker with access to the scan...

2.2CVSS5.2AI score0.00091EPSS

RedhatCVE•added 2026/06/05 7:32 p.m.•5 views

CVE-2026-6421

A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The attack is considered to have high complexity. It is indicated that...

7.3CVSS6.2AI score0.0015EPSS

RedhatCVE•added 2026/06/05 7:11 p.m.•4 views

CVE-2026-44334

PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains...

8.4CVSS5.6AI score0.00246EPSS

Exploits2References1

ATTACKERKB•added 2026/06/04 1:26 p.m.•5 views

CVE-2026-10861

An open redirect vulnerability existed in MISP UsersController::routeafterlogin because the value stored in the preloginrequestedurl session key was used as the post-login redirect destination without sufficiently enforcing that it was a local application path. An unauthenticated remote attacker...

5.1CVSS5.8AI score0.00223EPSS

Cvelist•added 2026/06/04 1:26 p.m.•38 views

CVE-2026-10861 MISP post-login open redirect via pre_login_requested_url

5.1CVSS0.00223EPSS

CVE•added 2026/06/04 1:26 p.m.•17 views

CVE-2026-10861

An open redirect vulnerability affects MISP in UsersController::routeafterlogin(), where the pre_login_requested_url session key is used as the post-login redirect destination without enforcing that it is a local path. An unauthenticated attacker can lure a user to a trusted MISP instance and, af...

6.1CVSS5.8AI score0.00223EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/06/04 1:26 p.m.•9 views

CVE-2026-10861 MISP post-login open redirect via pre_login_requested_url

5.1CVSS5.8AI score0.00223EPSS

Positive Technologies•added 2026/06/04 12:0 a.m.•10 views

PT-2026-46227

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An open redirect occurs in the routeafterlogin function of the UsersController because the value stored in the pre login requested url session key is used as the post-login redirect destination...

6.1CVSS5.5AI score0.00223EPSS

Exploits0References4

RedhatCVE•added 2026/05/30 2:12 a.m.•9 views

CVE-2026-44543

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...

NVD•added 2026/05/28 5:16 p.m.•11 views

CVE-2026-44543

8.7CVSS0.00368EPSS

CVE•added 2026/05/28 4:41 p.m.•24 views

CVE-2026-44543

Local Path Provisioner (rancher/local-path-provisioner) is affected. Before version 0.0.36, a user with edit rights on the local-path-config ConfigMap can inject a malicious helperPod.yaml into the template used to create HelperPods during PVC provisioning/cleanup. The attacker-controlled templat...

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/28 4:41 p.m.•4 views

CVE-2026-44543

Exploits0References2Affected Software1

Cvelist•added 2026/05/28 4:41 p.m.•31 views

CVE-2026-44543 Local Path Provisioner: HelperPod Template Injection

8.7CVSS0.00368EPSS

Vulnrichment•added 2026/05/28 4:41 p.m.•6 views

CVE-2026-44543 Local Path Provisioner: HelperPod Template Injection

EUVD•added 2026/05/28 4:41 p.m.•8 views

EUVD-2026-32954

CNNVD•added 2026/05/28 12:0 a.m.•6 views

Local Path Provisioner 安全漏洞

Local Path Provisioner is a Kubernetes local storage dynamic provisioning tool developed by Rancher. Versions of Local Path Provisioner prior to 0.0.36 contained security vulnerabilities. These vulnerabilities stemmed from insufficient validation of the helperPod.yaml template. Malicious users...

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в firefox

When following a redirect to a publicly accessible web extension file, the URL may have been translated into the actual local path, potentially exposing sensitive information. This vulnerability affects Firefox versions earlier than 111...

6.5CVSS6.7AI score0.00508EPSS