CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

345 matches found

DRUPAL-CONTRIB-2026-039

This module configures default editorial workflows for LocalGov Drupal content types. It provides a Drupal content moderation workflow, a content approvals dashboard, content scheduling and content preview. The module doesn't sufficiently restrict access to a view of Service Contacts at which...

5.8AI score

Exploits0References1

Drupal•added yesterday•3 views

LocalGov Workflows - Moderately critical - Information disclosure - SA-CONTRIB-2026-039

5.8AI score

Exploits0References2

Positive Technologies•added yesterday•3 views

PT-2026-46112

5.8AI score

Exploits0References2

Positive Technologies•added yesterday•3 views

PT-2026-46079

5.8AI score

Exploits0References2

Schneier on Security•added 6 days ago•11 views

Friday Squid Blogging: Another Squid

Someone named "Squid" seems to be a "West Country legend." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8AI score

Exploits0

RedhatCVE•added 2026/05/27 8:13 p.m.•4 views

CVE-2026-46620

e107 is a content management system CMS. Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how sessionhandler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

6.5CVSS5.8AI score0.00016EPSS

Exploits0References1

Packet Storm News•added 2026/05/27 12:0 a.m.•5 views

MIRAGE: Context-Aware Prompt Injection against Mobile GUI Agents Via User-Generated Content

Mobile graphical user interface GUI agents driven by vision-language models VLMs perceive the screen as rendered pixels and choose actions from what they see, so they cannot reliably separate trusted interface elements from user-generated content. We present MIRAGE Mobile Injection of Realistic...

5.8AI score

Exploits0

NVD•added 2026/05/26 4:16 p.m.•9 views

CVE-2026-46620

6.5CVSS0.00016EPSS

Exploits0References1

EUVD•added 2026/05/26 3:4 p.m.•5 views

EUVD-2026-31851

6.5CVSS5.8AI score0.00016EPSS

Exploits0References1

ATTACKERKB•added 2026/05/26 3:4 p.m.•5 views

CVE-2026-46620

6.5CVSS5.8AI score0.00016EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/26 3:4 p.m.•33 views

CVE-2026-46620 e107: CSRF in comment.php moderation endpoints via token-optional validation in session_handler::check()

6.5CVSS0.00016EPSS

Exploits0References1

CVE•added 2026/05/26 3:4 p.m.•12 views

CVE-2026-46620

CVE-2026-46620 affects the e107 CMS. Prior to version 2.3.5, CSRF protection for comment moderation actions was weakened because session_handler::check() only validates a token if one is present; if no token exists, the check is skipped. This could allow unauthorized state changes via CSRF where ...

6.5CVSS5.8AI score0.00016EPSS

Exploits0References1

Vulnrichment•added 2026/05/26 3:4 p.m.•4 views

CVE-2026-46620 e107: CSRF in comment.php moderation endpoints via token-optional validation in session_handler::check()

6.5CVSS5.8AI score0.00016EPSS

Exploits0References1

Positive Technologies•added 2026/05/26 12:0 a.m.•5 views

PT-2026-43269

e107 is a content management system CMS. Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how session handler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validate...

6.5CVSS5.8AI score0.00016EPSS

Exploits0References2

Schneier on Security•added 2026/05/22 9:4 p.m.•5 views

Friday Squid Blogging: Regulating Squid Fishing in the South Pacific

The South Pacific Regional Fisheries Management Organization SPRFMO needs to regulate squid fishing in the South Pacific. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8AI score

Exploits0

Schneier on Security•added 2026/05/16 1:3 a.m.•10 views

Friday Squid Blogging: Bigfin Squid

Article about the bigfin squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

5.8AI score

Exploits0

NVD•added 2026/05/14 5:16 a.m.•3 views

CVE-2026-7525

The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...

4.3CVSS0.00017EPSS

Exploits0References12

Positive Technologies•added 2026/05/14 12:0 a.m.•5 views

PT-2026-40850

4.3CVSS5.8AI score0.00017EPSS

Exploits0References13

CVE•added 2026/04/23 12:9 a.m.•9 views

CVE-2026-41243

OpenLearn's OpenLearn project has a vulnerability CVE-2026-41243 where, prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, enabling safeMode does not prevent public access to unapproved posts via direct post UUID. The post-read path still returns full content to anyone who has the UUID, ev...

6.9CVSS5.7AI score0.00036EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/04/23 12:9 a.m.•25 views

CVE-2026-41243 OpenLearn's pending forum posts remain publicly readable by direct ID when moderation mode is enabled

OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...

6.9CVSS0.00036EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by