CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/29 6:58 a.m.•30 views

CVE-2026-4776

7.1CVSS0.00033EPSS

Vulnrichment•added 2026/05/29 6:58 a.m.•6 views

CVE-2026-4776

ATTACKERKB•added 2026/05/29 6:58 a.m.•7 views

CVE-2026-4776

CVE•added 2026/05/29 6:58 a.m.•12 views

CVE-2026-4776

An SQL injection in Mautic’s API contact filtering was reported. The flaw arises from insufficient recursive sanitization of nested query parameters, allowing an authenticated API user to bypass input filtering and inject arbitrary SQL commands. Documents do not specify affected versions, exact v...

EUVD•added 2026/05/29 6:58 a.m.•7 views

EUVD-2026-33256

SUSE CVE•added 2026/05/29 1:16 a.m.•7 views

SUSE CVE-2026-46131

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: check for nEPT/nNPT in slow flush hypercalls Checking isguestmodevcpu is incorrect, because translatenestedgpa is only valid if an L2 guest is running with nested EPT/NPT enabled. Instead use the same condition as...

5.5CVSS5.8AI score0.00024EPSS

Exploits0References3

Tenable Nessus•added 2026/05/29 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-46131

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: x86: check for nEPT/nNPT in slow flush hypercalls Checking isguestmodevcpu is incorrect, because translatenestedgpa is only valid if an L2 guest is running...

5.8AI score0.00024EPSS

Exploits0References3

Positive Technologies•added 2026/05/29 12:0 a.m.•4 views

PT-2026-44757

Cvelist•added 2026/05/28 9:18 p.m.•29 views

CVE-2026-45403 AnythingLLM: filesystem-copy-file follows nested symlinks and copies files from outside the allowed directory

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

2CVSS0.00018EPSS

Exploits1References2

Vulnrichment•added 2026/05/28 9:18 p.m.•7 views

CVE-2026-45403 AnythingLLM: filesystem-copy-file follows nested symlinks and copies files from outside the allowed directory

2CVSS5.8AI score0.00018EPSS

Exploits1References2

RedhatCVE•added 2026/05/28 9:12 p.m.•8 views

CVE-2026-46131

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 virtualization module. An incorrect check for nested EPT/NPT Nested Extended Page Tables/Nested Nested Page Tables in slow flush hypercalls could lead to improper handling of L2 guests. This vulnerability arises because t...

5.5CVSS5.8AI score0.00024EPSS

Exploits0References4

Snyk•added 2026/05/28 4:50 p.m.•7 views

Cross-site Scripting (XSS)

Overview tinymce/tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper handling of SVG namespace scope by the sanitizer. An attacker can execute arbitrary JavaScript by crafting a payload with neste...

8.7CVSS5.8AI score0.00033EPSS

Snyk•added 2026/05/28 4:50 p.m.•8 views

Cross-site Scripting (XSS)

Overview tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper handling of SVG namespace scope by the sanitizer. An attacker can execute arbitrary JavaScript by crafting a payload with nested SVG...

8.7CVSS5.9AI score0.00033EPSS

OSV•added 2026/05/28 4:2 p.m.•8 views

OPENSUSE-SU-2026:20831-1 Security update for python-Pillow

This update for python-Pillow fixes the following issues - CVE-2026-42308: integer overflow in font processing can lead to denial of service bsc1265359. - CVE-2026-42309: heap buffer overflow when processing nested list coordinates bsc1265153. - CVE-2026-42310: infinite loop and resource exhausti...

5.5CVSS7.2AI score0.00015EPSS

Exploits0References6

CVE•added 2026/05/28 3:18 p.m.•13 views

CVE-2026-47760

CVE-2026-47760 affects TinyMCE before 7.1.0, where an XSS flaw arises from improper SVG namespace scope handling in the sanitizer. The issue allows a crafted payload using nested SVG elements to bypass attribute sanitization and execute arbitrary JavaScript. Affected versions are 6.8.0 up to, but...

8.7CVSS6AI score0.00033EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/05/28 3:18 p.m.•26 views

CVE-2026-47760 TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs

TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This...

8.7CVSS0.00033EPSS