CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/12 8:25 p.m.•5 views

CVE-2026-44011

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/12 8:25 p.m.•6 views

CVE-2026-44011 Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior

CVE•added 2026/05/12 8:25 p.m.•8 views

CVE-2026-44011

Craft CMS versions 4.0.0–4.17.11 and 5.0–5.9.17 contain an input-handling flaw in a Yii object creation path that lets an authenticated user inject malicious configuration and execute arbitrary commands. The issue arises because the request-controlled field layouts data is converted into a live F...

OSV•added 2026/05/06 5:54 p.m.•1 views

GHSA-QRGM-P9W5-RRFW Craft CMS has Potential Authenticated Remote Code Execution via Malicious Attached Behavior

We identified a vulnerability in the latest version of Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. Yii’s dynamic object configuration, as implemented in...

Snyk•added 2026/05/06 5:54 p.m.•7 views

Exploits0References5

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the condition process. An attacker can execute arbitrary commands on the server by injecting malicious...

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в postgresql-11

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...

8.8CVSS7.6AI score0.23757EPSS

EUVD•added 2026/04/15 9:30 p.m.•0 views

EUVD-2026-23007

IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new...

8.4CVSS5.8AI score0.00014EPSS

OSV•added 2026/04/03 1:27 p.m.•0 views

JLSEC-2026-27

8.8CVSS6.8AI score0.23757EPSS

Exploits0References10

OSV•added 2026/03/25 10:27 a.m.•1 views

CVE-2026-23348 cxl: Fix race of nvdimm_bus object when creating nvdimm objects

In the Linux kernel, the following vulnerability has been resolved: cxl: Fix race of nvdimmbus object when creating nvdimm objects Found issue during running of cxl-translate.sh unit test. Adding a 3s sleep right before the test seems to make the issue reproduce fairly consistently. The...

4.7CVSS5.8AI score0.00014EPSS

Exploits0References6

RedhatCVE•added 2026/03/04 1:56 a.m.•2 views

CVE-2025-52998

Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, and thus modify the logic of the web application's...

9.8CVSS6AI score0.00231EPSS

Exploits0References1

NVD•added 2026/03/02 4:16 p.m.•2 views

CVE-2025-52998

9.8CVSS0.00231EPSS

Vulnrichment•added 2026/03/02 3:54 p.m.•1 views

CVE-2025-52998 Chamilo: PHAR deserialization bypass

7CVSS5.9AI score0.00231EPSS

Cvelist•added 2026/03/02 3:54 p.m.•15 views

CVE-2025-52998 Chamilo: PHAR deserialization bypass

7CVSS0.00231EPSS

F5 Networks•added 2026/02/20 4:23 p.m.•11 views

K000160103: PostgreSQL vulnerability CVE-2022-2625

Security Advisory Description A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait...

8CVSS5.9AI score0.00973EPSS

Exploits0

Tenable Nessus•added 2026/01/20 12:0 a.m.•1 views

MiracleLinux 8 : ruby:2.5 (AXSA:2021-2345:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2345:01 advisory. ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? CVE-2019-15845 ruby: Regular expression denial of service vulnerability of...

8.1CVSS8.2AI score0.05892EPSS

Exploits2References9

OSV•added 2025/12/24 11:16 a.m.•0 views

UBUNTU-CVE-2025-68730

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix page fault in ivpubounbindallbosfromcontext Don't add BO to the vdev-bolist in ivpugemcreateobject. When failure happens inside drmgemshmemcreate, the BO is not fully created and ivpugembofree callback will not be...

5.7AI score0.00023EPSS

Exploits0References11

Positive Technologies•added 2025/12/24 12:0 a.m.•1 views

PT-2025-53053

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the RDMA/irdma component of the Linux kernel related to PBLE Persistent Binding List Entry objects. When the irdma module is removed, the memory allocated for the...

7.8CVSS6.2AI score0.00249EPSS

Exploits2References896

NVD•added 2025/12/19 5:15 p.m.•2 views

CVE-2025-65035

pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. Prior to version 1.1.2, in certain conditions database write access must first be obtained through another vulnerability or misconfiguration...

6.4CVSS0.00056EPSS