CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

89 matches found

CVE-2026-0141

CVE-2026-0141 describes a likely out-of-bounds read in decodeAppPacket of RtcpAppPacket.cpp caused by a missing bounds check. The vulnerability enables a remote information disclosure without requiring additional execution privileges and without user interaction. Public references in the provided...

4.3CVSS5.7AI score0.002EPSS

Exploits0References1Affected Software1

NVD•added 5 days ago•4 views

CVE-2026-42752

Unauthenticated Bypass Vulnerability in Stripe Payments = 2.0.98 versions...

6.5CVSS0.00222EPSS

Exploits0References1

Snyk•added 2026/04/03 4:8 a.m.•2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the POST multipart upload process. An attacker can write arbitrary files to any existing directory on the filesystem by crafting a specially constructed URL path containing directory traversal sequences and...

9.8CVSS6.3AI score0.00683EPSS

Exploits1References2

Vulnrichment•added 2026/03/27 12:38 a.m.•2 views

CVE-2026-33890 MyTube has an Unauthenticated Admin Privilege Escalation via Passkey Registration

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated attacker can register an arbitrary passkey and subsequently authenticate with it to obtain a full admin session. The application exposes passkey registration endpoints without...

9.3CVSS6AI score0.00492EPSS

Exploits1References2

Cvelist•added 2026/03/23 11:47 p.m.•22 views

CVE-2026-33282 Ella Core panics on malformed NGAP Location Report

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with ue-presence-in-area-of-interest event type and omitting the optional UEPresenceInAreaOfInterestList IE. An attacker able to send crafted NGAP messages t...

7.5CVSS0.00396EPSS

Exploits0References1

ATTACKERKB•added 2026/02/02 2:1 p.m.•7 views

CVE-2026-1761

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption...

8.6CVSS6.7AI score0.00947EPSS

Exploits0References23

Vulnrichment•added 2026/01/13 12:0 a.m.•2 views

CVE-2025-69992

phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication...

6.7AI score0.00508EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 8:53 a.m.•6 views

CVE-2021-27251

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a...

8.8CVSS7.3AI score0.00731EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:35 a.m.•7 views

CVE-2020-10887

This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper...

9.8CVSS6.7AI score0.04105EPSS

Exploits0References1

NVD•added 2025/12/23 10:15 p.m.•2 views

CVE-2025-12491

Senstar Symphony FetchStoredLicense Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Senstar Symphony. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

7.5CVSS0.00464EPSS

Exploits0References1