CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added yesterday•4 views

PT-2026-48119

Hermes WebUI before version 0.51.269 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the SSH/remote terminal profile workspace resolution logic within remote terminal workspace candidate...

7.7CVSS5.5AI score

Exploits0References6

Tenable Nessus•added yesterday•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-44119

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the htt...

5.5CVSS5.5AI score0.00017EPSS

NVD•added 2 days ago•6 views

CVE-2026-44119

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

5.5CVSS0.00017EPSS

EUVD•added 2 days ago•5 views

EUVD-2026-35094

5.4AI score0.00017EPSS

Positive Technologies•added 2 days ago•5 views

PT-2026-47624

Summary Arc's user-SQL validator internal/api/query.go:ValidateSQLRequest blocked only read parquet and arc partition agg via regex denylist. The broader DuckDB I/O function family — read csv auto, read csv, read json, read json auto, read text, read blob, glob, parquet metadata, parquet schema,...

7.1CVSS5.6AI score

RedhatCVE•added 5 days ago•3 views

CVE-2026-41177

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

5.5CVSS5.4AI score0.0005EPSS

Exploits1References1

RedhatCVE•added 5 days ago•4 views

CVE-2026-42780

A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.6AI score0.00324EPSS

RedhatCVE•added 5 days ago•7 views

CVE-2026-44445

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity XXE reference vulnerability in the EDI Module enables an authenticated attacker to read files from the local file system, including sensitive...

6.5CVSS5.4AI score0.0005EPSS

RedhatCVE•added 5 days ago•4 views

CVE-2026-43941

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal...

9.6CVSS6.3AI score0.00023EPSS

RedhatCVE•added 5 days ago•5 views

CVE-2026-4659

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insufficient path traversal sanitization in the URLtoRelative and urlToPath functions, combined with the...

7.5CVSS5.6AI score0.00042EPSS

RedhatCVE•added 5 days ago•4 views

CVE-2026-4369

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

7.1CVSS5.9AI score0.00037EPSS

Vulnrichment•added 6 days ago•6 views

CVE-2026-44917

OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxetemplate...

4.9CVSS5.8AI score0.00025EPSS

OSV•added last week•5 views

GHSA-J5XP-7M2F-49JV Docling Core: Insufficient validation of image reference URIs

Impact In versions = 2.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible: - reject file: and data: image references from untrusted input - allow only approved local or remote image sources - apply input size and memory limits to processing workers References - Fix release: v2.74....

8.1CVSS5.8AI score

Exploits0References3

Cvelist•added 2026/06/03 10:39 a.m.•36 views

CVE-2026-35079 Arbitrary file delete vulnerability in method ugw-restore

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS0.00117EPSS

Positive Technologies•added 2026/06/03 12:0 a.m.•10 views

PT-2026-46104

Impact The HTML backend did not perform sufficient validation during resource handling: - Accepted file:// URIs enabling local file system access when enable local fetch=True - Path resolution allowed traversal outside intended directories via ../ sequences and absolute paths - Did not block...

7.1CVSS5.8AI score

Positive Technologies•added 2026/06/03 12:0 a.m.•10 views

PT-2026-46127

7.1CVSS5.8AI score

Positive Technologies•added 2026/06/03 12:0 a.m.•7 views

PT-2026-46123

Name of the Vulnerable Software and Affected Versions docling-core versions 1.5.0 through 2.74.0 Description The software does not sufficiently restrict remote request destinations and can resolve a server-provided Content-Disposition to a local path in an unsafe manner. In applications that acce...

8.6CVSS5.8AI score