CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/13 2:12 p.m.•6 views

CVE-2026-40067 BIG-IP APM Vulnerability

When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS5.8AI score0.00098EPSS

OSV•added 2026/05/13 11:30 a.m.•6 views

MINI-X27H-CXG7-288P

Bulletin has no description...

5.7AI score

GithubExploit•added 2026/05/13 9:23 a.m.•63 views

LuxeMart-

No d...

5.8AI score

ATTACKERKB•added 2026/05/12 10:33 p.m.•6 views

CVE-2026-44548

ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDelete.php causes a logged-in ChurchCRM user with the relevant role to silently delete records,...

Exploits0References2Affected Software1

CVE•added 2026/05/12 10:33 p.m.•15 views

CVE-2026-44548

CVE-2026-44548 affects ChurchCRM up to version 7.3.1. A top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDelete.php can cause a logged-in user with the relevant role to silently delete records, including cascaded property...

EUVD•added 2026/05/12 10:33 p.m.•8 views

EUVD-2026-29885

OSV•added 2026/05/12 3:48 a.m.•2 views

MINI-J349-2WC9-8PXF

Bulletin has no description...

6.1CVSS5.7AI score0.00011EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40464

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 7.3.2 Description Top-level cross-site GET navigation from an attacker-controlled page to the endpoints "FundRaiserDelete.php", "PropertyTypeDelete.php", or "NoteDelete.php" allows a logged-in user with the...

vulnersOsv•added 2026/05/11 9:0 p.m.•4 views

Exploits0References4

@tanstack/solid-start (>=1.121.0-alpha.28 <=1.167.62) potentially affected by CVE-2026-45321 via @tanstack/solid-start-client (>=1.121.0-alpha.28 <=1.166.5)

@tanstack/solid-start-client NPM version =1.121.0-alpha.28, =1.121.0-alpha.28, =1.167.62 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKSOLIDSTARTCLIENT-16640233...

9.6CVSS8AI score0.17051EPSS

Exploits3

RedhatCVE•added 2026/05/11 8:26 p.m.•7 views

CVE-2026-42291

SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and...

6.8CVSS5.8AI score0.0003EPSS

OSV•added 2026/05/11 7:33 p.m.•4 views

MINI-F752-X5C6-27P7

Bulletin has no description...

6.1CVSS5.7AI score0.00011EPSS

OSV•added 2026/05/11 7:32 p.m.•2 views

MINI-433P-7P64-4WRW

Bulletin has no description...

7.5CVSS5.7AI score0.00021EPSS