CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

113 matches found

RedhatCVE•added 2026/06/05 7:22 p.m.•6 views

CVE-2026-34358

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...

8.1CVSS5.6AI score0.00297EPSS

Exploits0References1

EUVD•added 2026/06/03 10:39 a.m.•10 views

EUVD-2026-34075

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score0.0037EPSS

Exploits0References1

UbuntuCve•added 2026/05/22 12:0 a.m.•10 views

CVE-2026-39831

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

9.1CVSS5.8AI score0.00373EPSS

Exploits0References5

EUVD•added 2026/05/19 9:39 p.m.•8 views

EUVD-2026-30993

8.1CVSS5.9AI score0.00297EPSS

Exploits0References2

ATTACKERKB•added 2026/05/13 7:23 p.m.•5 views

CVE-2026-42551

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod unconditionally honors the X-HTTP-Method-Override header and the $REQUEST'method' parameter on any HTTP verb including safe verbs such as GET, with no opt-in and no whitelist of permitted target methods. A GET...

7.5CVSS5.8AI score0.0031EPSS

Exploits0References2Affected Software1

CVE•added 2026/04/24 2:40 a.m.•13 views

CVE-2026-41317

The CVE concerns Press, a Frappe-based app, where the API endpoint press.api.account.create_api_secret is vulnerable to CSRF-like exploits. The issue stems from the endpoint accepting unsafe HTTP methods (GET) and writing to the database, enabling unauthorized actions without user interaction. A ...

8.7CVSS5.8AI score0.00165EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/04/24 12:0 a.m.•6 views

ERB 安全漏洞

ERB is an open-source embedded Ruby template processing tool developed by The Ruby Programming Language. There is a security vulnerability in ERB, which stems from the lack of protection for @src in methods like ERBdefmethod, ERBdefmodule, and ERBdefmodule. This vulnerability could allow attacker...

8.1CVSS6.2AI score0.00508EPSS

Exploits0References2

Snyk•added 2026/02/24 7:56 p.m.•6 views

Cross-site Scripting (XSS)

Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the runmethod function. An attacker can execute arbitrary JavaScript in the victim's browser by supplying crafted input as a method...

6.1CVSS5.9AI score0.00163EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2015-5412

Malware in sbrugna...

4.3CVSS6.4AI score0.02075EPSS

Exploits1References7

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2021-0848

Malware in sbrugna...

7.1CVSS6.8AI score0.00322EPSS

Exploits0References5