1193 matches found

OSV
added 2 days ago, 5 views

DEBIAN-CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtool_function_update can corrupt RRDtool metric values. The rrdtool_function_update function checks metric values with is_numeric and concatenates them into t...

CVSS 2.5, AI score 5.8, EPSS 0.00116
Exploits: 0, References: 1

NVD
added 2 days ago, 3 views

CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtool_function_update can corrupt RRDtool metric values. The rrdtool_function_update function checks metric values with is_numeric and concatenates them into t...

CVSS 2.9, EPSS 0.00116
Exploits: 0, References: 3

CVE
added 2 days ago, 15 views

CVE-2026-39894

CVE-2026-39894 affects Cacti (≤ 1.2.30). Locale-dependent decimal formatting in rrdtool_function_update() uses PHP string interpolation for metric values after is_numeric(), so a value like 1.5 may be rendered as 1,5 under LC_NUMERIC with a comma decimal. RRDtool expects a dot, causing metric dat...

CVSS 2.9, AI score 5.8, EPSS 0.00116
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2 days ago, 20 views

CVE-2026-39894 Cacti: RRDtool metric shift via LC_NUMERIC locale comma decimal formatting

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtool_function_update can corrupt RRDtool metric values. The rrdtool_function_update function checks metric values with is_numeric and concatenates them into t...

CVSS 2.9, EPSS 0.00116
Exploits: 0, References: 3

Debian CVE
added 2 days ago, 4 views

CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtool_function_update can corrupt RRDtool metric values. The rrdtool_function_update function checks metric values with is_numeric and concatenates them into t...

CVSS 2.9, AI score 5.8, EPSS 0.00116
Exploits: 0

AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in node-moment

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability affects users of Moment.js on npm server versions between 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch the moment locale...

CVSS 7.5, AI score 6.5, EPSS 0.05664
Exploits: 0, References: 1

NVD
added 2026/06/19 6:17 a.m., 10 views

CVE-2026-9013

The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogorestcreateposttranslation. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the raw title, content, excerpt,...

CVSS 4.3, EPSS 0.00254
Exploits: 0, References: 9

EUVD
added 2026/06/19 4:31 a.m., 10 views

EUVD-2026-37983

The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogorestcreateposttranslation. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the raw title, content, excerpt,...

CVSS 4.3, AI score 5.8, EPSS 0.00254
Exploits: 0, References: 9

NVD
added 2026/06/17 1:21 p.m., 7 views

CVE-2026-8383

The LearnPress WordPress plugin before 4.3.7 does not gate the edit context on one of its REST endpoints behind the edit_users capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted...

CVSS 5.3, EPSS 0.00187
Exploits: 0, References: 1

Cvelist
added 2026/06/17 6:0 a.m., 26 views

CVE-2026-8383 LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API

The LearnPress WordPress plugin before 4.3.7 does not gate the edit context on one of its REST endpoints behind the edit_users capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted...

EPSS 0.00187
Exploits: 0, References: 1

CVE
added 2026/06/17 6:0 a.m., 11 views

CVE-2026-8383

The CVE-2026-8383 entry affects the LearnPress WordPress plugin (prior to version 4.3.7). The issue is a missing access control check on a REST endpoint: the edit context is not gated behind the edit_users capability, allowing unauthenticated visitors to retrieve per-user data including roles, fu...

CVSS 5.3, AI score 5.2, EPSS 0.00187
Exploits: 0, References: 1

RedhatCVE
added 2026/06/05 7:38 p.m., 7 views

CVE-2026-34907

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the...

CVSS 5.1, AI score 5.4, EPSS 0.00285
Exploits: 0, References: 1

RedhatCVE
added 2026/06/05 7:13 p.m., 7 views

CVE-2026-40909

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint locale/save.php constructs a file path by directly concatenating $_POST['flag'] into the path at line 30 without any sanitization. The $_POST['code'] parameter is then written verbatim to that path via...

CVSS 8.7, AI score 5.7, EPSS 0.00656
Exploits: 1, References: 1

RedhatCVE
added 2026/06/05 7:12 p.m., 7 views

CVE-2026-44241

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. From 4.3.0 to before 4.10.22, TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap whose key is derived from the @Format annotation...

CVSS 7.5, AI score 5.6, EPSS 0.00405
Exploits: 0, References: 1

RedhatCVE
added 2026/06/02 11:53 p.m., 16 views

CVE-2026-44573

A flaw was found in Next.js. Applications utilizing the Pages Router with internationalization (i18n) configured and middleware or proxy-based authorization are susceptible to unauthorized access. A remote attacker can exploit this by making locale-less /next/data//.json requests, which bypass the...

CVSS 7.5, AI score 5.7, EPSS 0.00351
Exploits: 1, References: 4

NVD
added 2026/06/02 10:16 a.m., 12 views

CVE-2026-34907

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the...

CVSS 5.1, EPSS 0.00285
Exploits: 0, References: 2

CVE
added 2026/06/02 8:31 a.m., 14 views

CVE-2026-34907

CVE-2026-34907 describes a Reflected Cross‑Site Scripting (XSS) vulnerability in Wirtualna Uczelnia caused by insecure handling of the locale parameter across multiple endpoints. An attacker can craft a URL with JavaScript in the locale parameter; when a victim opens the link, the injected script...

CVSS 5.1, AI score 5.7, EPSS 0.00285
Exploits: 0, References: 2

Cvelist
added 2026/06/02 8:31 a.m., 37 views

CVE-2026-34907 Reflected Cross-Site Scripting (XSS) in Wirtualna Uczelnia

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the...

CVSS 5.1, EPSS 0.00285
Exploits: 0, References: 2

EUVD
added 2026/06/02 8:31 a.m., 11 views

EUVD-2026-33903

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the...

CVSS 9.3, AI score 5.7, EPSS 0.00557
Exploits: 0, References: 2

Vulnrichment
added 2026/06/02 8:31 a.m., 9 views

CVE-2026-34907 Reflected Cross-Site Scripting (XSS) in Wirtualna Uczelnia

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the...

CVSS 5.1, AI score 5.7, EPSS 0.00285
Exploits: 0, References: 2