CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

125298 matches found

OSV•added 2026/05/08 4:54 p.m.•3 views

GHSA-W9F3-QC75-QGX9 PrestaShop has a stored XSS executable in customer service view

Impact This is a stored Cross-site Scripting XSS vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The payload is stored in the database and executed when a back-office employee open...

9.3CVSS5.8AI score0.00307EPSS

Exploits0References2

Github Security Blog•added 2026/05/08 4:54 p.m.•8 views

PrestaShop has a stored XSS executable in customer service view

9.3CVSS5.8AI score0.00307EPSS

Exploits0References2Affected Software1

OSV•added 2026/05/08 3:41 p.m.•1 views

GHSA-JP94-3292-C3XV Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler

Summary When the Timeoutable module is enabled in Devise, the FailureAppredirecturl method returns request.referrer — the HTTP Referer header, which is attacker-controllable — without validation for any non-GET request that results in a session timeout. An attacker who hosts a page with an...

6.1CVSS6AI score0.00318EPSS

Exploits0References5

Github Security Blog•added 2026/05/08 3:41 p.m.•6 views

Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler

6.1CVSS6AI score0.00318EPSS

Exploits0References5Affected Software1

EUVD•added 2026/05/08 3:31 p.m.•9 views

EUVD-2026-28773

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix crash when moving to switchdev mode When moving to switchdev mode when the device doesn't support IPsec, we try to clean up the IPsec resources anyway which causes the crash below, fix that by correctly checking for...

5.7AI score0.00114EPSS

Exploits0References5

EUVD•added 2026/05/08 3:31 p.m.•5 views

EUVD-2026-28771

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpfxdppulldata or bpfxdpadjusttail. The referenced commit in the fixes tag...

5.9AI score0.00414EPSS

Exploits0References4

EUVD•added 2026/05/08 3:31 p.m.•8 views

EUVD-2026-28770

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpfxdppulldata or bpfxdpadjusttail. The referenced commit in the fixes tag correct...

5.9AI score0.00402EPSS

Exploits0References4

EUVD•added 2026/05/08 3:31 p.m.•4 views

EUVD-2026-28671

In the Linux kernel, the following vulnerability has been resolved: xfs: fix undersized liclogroundoff values If the superblock doesn't list a log stripe unit, we set the incore log roundoff value to 512. This leads to corrupt logs and unmountable filesystems in generic/617 on a disk with 4k...

5.7AI score0.00414EPSS

Exploits0References8

EUVD•added 2026/05/08 3:31 p.m.•8 views

EUVD-2026-28558

In the Linux kernel, the following vulnerability has been resolved: ext4: move ext4percpuparaminit before ext4mbinit When running kvm-xfstests -c ext4/1k -C 1 generic/383 with the DOUBLECHECK macro defined, the following panic is triggered:...

5.9AI score0.0013EPSS

Exploits0References6