CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vtiger CRM v7.2.0 contains a directory traversal vulnerability caused by improper access controls in /libraries and /layout directories, letting attackers display hidden files and list directories, exploit requires no authentication. id: CVE-2020-19363 info: name: Vtiger CRM v7.2.0 - Directory...

6.5CVSS6.6AI score0.03643EPSS

Exploits1References2

Nuclei•added 10 hours ago•22 views

Langflow < 1.3.0 - Remote Code Execution via validate_code() exec()

Langflow contains a remote code execution caused by inclusion of functionality from untrusted control sphere in the execglobals parameter at the validate endpoint, letting remote attackers execute arbitrary code as root, exploit requires no authentication. id: CVE-2026-0770 info: name: Langflow...

9.8CVSS8.1AI score0.10371EPSS

Exploits8References3

Nuclei•added 10 hours ago•10 views

Mongoose < 8.8.3 - Remote Code Execution

Mongoose before 8.8.3 can improperly use $where in match, leading to search injection. id: CVE-2024-53900 info: name: Mongoose 8.8.3 - Remote Code Execution author: h4mg severity: critical description: | Mongoose before 8.8.3 can improperly use $where in match, leading to search injection. impact...

9.1CVSS7.5AI score0.03911EPSS

Exploits3References5

Nuclei•added 10 hours ago•21 views

Adobe Commerce (Magento) - Remote Code Execution

Adobe Commerce versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. id: CVE-2022-24086 info: name:...

10CVSS7.8AI score0.99199EPSS

Exploits5References4

OSV•added yesterday•2 views

CGA-68JJ-7999-6X26

Bulletin has no description...

5.3CVSS5.7AI score0.0035EPSS

Exploits0

EUVD•added yesterday•9 views

EUVD-2026-31395

golang.org/x/crypto/ssh: FIDO/U2F security key physical presence check can be bypassed...

9.1CVSS5.8AI score0.00373EPSS

Exploits0References6

OSV•added yesterday•4 views

DEBIAN-CVE-2026-55967

AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...

2CVSS5.8AI score

Exploits0References1

OSV•added yesterday•3 views

DEBIAN-CVE-2026-46611

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...

5.3CVSS5.8AI score0.00015EPSS

Exploits0References1

OSV•added yesterday•4 views

DEBIAN-CVE-2026-46608

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin:...

7.4CVSS5.8AI score0.00032EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by