CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/18 12:0 a.m.•8 views

amf 缓冲区错误漏洞

AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain a buffer error vulnerability. This vulnerability stems from unknown functions in the ngap/dispatcher.go file within the NGAP Message Handler component, which can lea...

5.3CVSS6AI score0.00303EPSS

CNNVD•added 2026/05/18 12:0 a.m.•9 views

amf 安全漏洞

AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain security vulnerabilities. These vulnerabilities stem from unknown functions in the NGAP Message Handler component, specifically in the file ngap/handler.go, which...

5.3CVSS5.8AI score0.00303EPSS

Positive Technologies•added 2026/05/18 12:0 a.m.•8 views

PT-2026-41681

OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format CPF parser, specifically in CreateCommonPacketFormatStructure in source/src/enet encap/cpf.c. A crafted ENIP/CPF message can supply an attacker-controlled item count value that is not consistently...

5.8AI score0.00114EPSS

Exploits0References3

Cvelist•added 2026/05/18 12:0 a.m.•37 views

CVE-2026-38719

OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format CPF parser, specifically in CreateCommonPacketFormatStructure in source/src/enetencap/cpf.c. A crafted ENIP/CPF message can supply an attacker-controlled itemcount value that is not consistently...

0.00114EPSS

Exploits0References2

Positive Technologies•added 2026/05/18 12:0 a.m.•8 views

PT-2026-41786

Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions prior to 0.9.0 Description The per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can reach up to 8KB. If a CPU mismatch occurs between...

5.9CVSS5.9AI score0.00237EPSS

Exploits1References5

Positive Technologies•added 2026/05/18 12:0 a.m.•7 views

PT-2026-41783

Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions prior to 0.9.0 Description The Postgres protocol parser incorrectly assumes that BIND message payloads contain a valid NUL-terminated portal name. When processing a crafted empty or unterminated...

7.5CVSS6AI score0.00294EPSS

Exploits1References20

NVD•added 2026/05/17 5:16 a.m.•11 views

CVE-2026-8729

A vulnerability was detected in Open5GS up to 2.7.7. This affects an unknown function in the library /lib/sbi/message.c of the component NRF. Performing a manipulation of the argument service-names/snssais results in denial of service. The attack is possible to be carried out remotely. The exploi...

6.5CVSS0.0039EPSS

Exploits1References6

CVE•added 2026/05/17 3:30 a.m.•12 views

CVE-2026-8729

CVE-2026-8729 affects Open5GS (up to 2.7.7) in the NRF component, specifically the function in /lib/sbi/message.c. Manipulating the argument service-names/snssais can trigger a denial of service. The issue is exploitable remotely, and the exploit is publicly available. The reports indicate the pr...

6.5CVSS5.5AI score0.0039EPSS

Exploits1References6Affected Software1

ATTACKERKB•added 2026/05/17 3:30 a.m.•10 views

CVE-2026-8729

5.3CVSS5.5AI score0.0039EPSS

Exploits1References6

GithubExploit•added 2026/05/16 11:3 p.m.•101 views

lwip-2026-pocs

lwip-2026-pocs Proof-of-concept exploits from the xchglabs...

5.9AI score

Exploits0

NVD•added 2026/05/16 4:16 p.m.•8 views

CVE-2021-47957

Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the Bar Message field. Attackers can inject script payloads through the plugin settings page that execute in the browsers of...

6.4CVSS0.00197EPSS

Cvelist•added 2026/05/16 3:26 p.m.•29 views

CVE-2021-47957 WordPress Plugin Cookie Law Bar 1.2.1 Stored XSS via clb_bar_msg

6.4CVSS0.00197EPSS

CVE•added 2026/05/16 3:26 p.m.•11 views

CVE-2021-47957

The vulnerability affects the WordPress plugin Cookie Law Bar (version 1.2.1). It is a stored XSS in the Bar Message field (parameter clb_bar_msg) that can be exploited by an authenticated attacker to inject scripts via the plugin settings page, with the payload executing in the browsers of all s...

ATTACKERKB•added 2026/05/16 3:26 p.m.•3 views

CVE-2021-47957

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/16 3:26 p.m.•6 views

CVE-2021-47957 WordPress Plugin Cookie Law Bar 1.2.1 Stored XSS via clb_bar_msg

EUVD•added 2026/05/16 3:26 p.m.•9 views

EUVD-2021-34825

CNNVD•added 2026/05/16 12:0 a.m.•8 views

WordPress plugin Cookie Law Bar 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Positive Technologies•added 2026/05/16 12:0 a.m.•7 views

PT-2026-41454

Name of the Vulnerable Software and Affected Versions Cookie Law Bar version 1.2.1 Description A stored cross-site scripting issue allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the 'Bar Message' field. These script payloads are injected through the...