107 matches found
EUVD-2026-34075
The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
CVE-2026-39831
The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...
EUVD-2026-30993
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...
CVE-2026-42551
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod unconditionally honors the X-HTTP-Method-Override header and the $_REQUEST['_method'] parameter on any HTTP verb including safe verbs such as GET, with no opt-in and no whitelist of permitted target methods. A GET...
CVE-2026-41317
The CVE concerns Press, a Frappe-based app, where the API endpoint press.api.account.create_api_secret is vulnerable to CSRF-like exploits. The issue stems from the endpoint accepting unsafe HTTP methods (GET) and writing to the database, enabling unauthorized actions without user interaction. A ...
ERB Security Vulnerability
ERB is an open-source embedded Ruby template processing tool developed by The Ruby Programming Language. There is a security vulnerability in ERB, which stems from the lack of protection for @src in methods like ERBdefmethod, ERBdefmodule, and ERBdefmodule. This vulnerability could allow attacker...
Cross-site Scripting (XSS)
Overview: nicegui is a package for creating web-based user interfaces with Python. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the run_method function. An attacker can execute arbitrary JavaScript in the victim's browser by supplying crafted input as a method...
EUVD-2009-4420
Malware in sbrugna...
EUVD-2021-25603
Malware in sbrugna...
EUVD-2012-1102
Malware in sbrugna...
EUVD-2014-4257
Malware in sbrugna...
EUVD-2021-0848
Malware in sbrugna...
EUVD-2010-2233
Malware in sbrugna...
EUVD-2009-0811
Malware in sbrugna...
EUVD-2011-2596
Malware in sbrugna...
EUVD-2015-5412
Malware in sbrugna...
EUVD-2009-2382
Malware in sbrugna...
EUVD-2009-0226
Malware in sbrugna...
EUVD-2022-40717
Malicious code in bioql PyPI...
EUVD-2025-7777
Malicious code in bioql PyPI...