CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/27 12:0 a.m.•6 views

Phoenix Contact多款产品代码问题漏洞

PHOENIX CONTACT AXC F 1152 and PHOENIX CONTACT AXC F 2152 are controller devices from the German company PHOENIX CONTACT. Several products from Phoenix Contact have code vulnerabilities. These vulnerabilities allow low-privilege local users to manipulate configuration or application-related files...

8.7CVSS5.9AI score0.00033EPSS

Exploits0References1

Positive Technologies•added 2026/05/27 12:0 a.m.•6 views

PT-2026-43537

The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gostats manage function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.00013EPSS

CNNVD•added 2026/05/27 12:0 a.m.•6 views

WordPress plugin WPBakery Page Builder Addons by Livemesh 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.4CVSS5.8AI score0.0003EPSS

ATTACKERKB•added 2026/05/26 9:32 p.m.•9 views

CVE-2025-43290

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system...

5.5CVSS5.8AI score0.00004EPSS

ATTACKERKB•added 2026/05/26 6:23 p.m.•7 views

CVE-2026-3660

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application...

9.8CVSS5.8AI score0.00043EPSS

Exploits0References2Affected Software1

CVE•added 2026/05/26 5:43 p.m.•15 views

CVE-2026-44668

CVE-2026-44668 affects FACTION, a PenTesting Report Generation and Collaboration Framework. Prior to version 1.8.3, the authentication gate for all Struts2 actions is implemented by AccessControlInterceptor and unconditionally calls invocation.invoke() without validating a session. Four methods i...

9.8CVSS5.8AI score0.00179EPSS

Vulnrichment•added 2026/05/26 5:43 p.m.•6 views

CVE-2026-44668 Faction: Unauthenticated Read, Modify, and Delete of Boilerplate Templates

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

9.8CVSS5.8AI score0.00179EPSS

EUVD•added 2026/05/26 2:8 p.m.•11 views

EUVD-2026-31834

OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the DatabaseQuery interface. Attackers can submit malicious SQL queries through the qs parameter to the...

8.6CVSS6.2AI score0.00043EPSS

Exploits0References7

Redos•added 2026/05/24 12:0 a.m.•13 views

ROS-20260524-73-0016

A vulnerability in the Security component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker to gain access to...

2.9CVSS7.2AI score0.00022EPSS

Exploits0

Redos•added 2026/05/24 12:0 a.m.•15 views

ROS-20260524-73-0019

2.9CVSS7.2AI score0.00022EPSS

Exploits0

Snyk•added 2026/05/23 1:44 p.m.•5 views

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds in the PDUSessionResourceModifyIndication function of the file handler.go. An attacker can cause memory corruption by sending specially crafted requests to the affected process. Remediation Upgrade...

6.5CVSS6.6AI score0.00052EPSS

Snyk•added 2026/05/23 1:44 p.m.•3 views

Out-of-Bounds

6.5CVSS6.6AI score0.00052EPSS

Cvelist•added 2026/05/23 11:0 a.m.•9 views

CVE-2026-9299 omec-project amf handler.go PDUSessionResourceModifyIndication memory corruption

A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memory corruption. Remote exploitation of the attack is possible. The exploit has been published and m...

6.5CVSS0.00052EPSS

CVE•added 2026/05/23 11:0 a.m.•31 views

CVE-2026-9299

Summary: CVE-2026-9299 affects omec-project amf up to 2.1.1. The vulnerability lies in the function PDUSessionResourceModifyIndication in /go/src/amf/ngap/handler.go, where input handling leads to memory corruption. This enables remote exploitation, and publicly available exploits have been publi...

6.5CVSS6.1AI score0.00052EPSS

Vulnrichment•added 2026/05/23 11:0 a.m.•6 views

CVE-2026-9299 omec-project amf handler.go PDUSessionResourceModifyIndication memory corruption

6.5CVSS6.1AI score0.00052EPSS

Positive Technologies•added 2026/05/23 12:0 a.m.•9 views

PT-2026-42877

6.5CVSS6.1AI score0.00052EPSS

Vulnrichment•added 2026/05/21 1:3 p.m.•6 views

CVE-2026-34926

A directory traversal vulnerability in the Apex One on-premise server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex...

6.7CVSS5.9AI score0.01018EPSS