CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/06/05 12:0 a.m.•10 views

PT-2026-47065

Name of the Vulnerable Software and Affected Versions Admin Columns versions prior to 7.0.19 Description The plugin is subject to PHP Object Injection, which can lead to Remote Code Execution. This occurs because the get ids from string function in the IdsToCollection class uses unserialize witho...

8.8CVSS6.3AI score0.00523EPSS

Exploits0References13

Patchstack•added 2026/06/05 12:0 a.m.•5 views

WordPress Admin Columns plugin <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution vulnerability

Authenticated Contributor+ PHP Object Injection to Remote Code Execution vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Admin Columns versions = 7.0.18...

8.8CVSS5.7AI score0.00523EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/06/05 12:0 a.m.•9 views

PT-2026-47087

Summary Type: Insecure Direct Object Reference. The agent CRUD endpoints GET / PATCH / DELETE /workspaces/workspace id/agents/agent id gate access on require workspace memberworkspace id only, then resolve agent id through AgentService.getagent id which is a primary-key lookup with no workspace...

8.3CVSS5.5AI score

Exploits0References3

Vulnrichment•added 2026/06/04 11:59 p.m.•5 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

5.3CVSS5.5AI score0.00048EPSS

OSV•added 2026/06/04 11:17 p.m.•4 views

DEBIAN-CVE-2026-11152

Object lifecycle issue in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS5.5AI score0.00073EPSS

Exploits0References1

ATTACKERKB•added 2026/06/04 11:5 p.m.•4 views

CVE-2026-11179

Inappropriate implementation in ORB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00031EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/06/04 11:5 p.m.•4 views

CVE-2026-11152

Object lifecycle issue in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.5AI score0.00073EPSS

Debian CVE•added 2026/06/04 11:5 p.m.•5 views

CVE-2026-11152

Object lifecycle issue in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS5.5AI score0.00073EPSS

Exploits0

CVE•added 2026/06/04 11:5 p.m.•8 views

CVE-2026-11152

The CVE refers to an object lifecycle issue in Dawn within Google Chrome, exploitable before version 149.0.7827.53. A remote attacker could potentially perform a sandbox escape via a crafted HTML page. The Chromium note marks the security severity as Medium. Affected component: Dawn in Google Chr...

9.6CVSS5.8AI score0.00073EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/06/04 11:5 p.m.•24 views

CVE-2026-11152

Object lifecycle issue in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

0.00073EPSS

ATTACKERKB•added 2026/06/04 11:5 p.m.•5 views

CVE-2026-11152

Object lifecycle issue in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00073EPSS

Exploits0References3Affected Software1

Debian CVE•added 2026/06/04 11:4 p.m.•4 views

CVE-2026-11036

Inappropriate implementation in DOM in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00011EPSS

Exploits0

Patchstack•added 2026/06/04 2:55 p.m.•5 views

WordPress Thrive Apprentice plugin < 10.8.10.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by dutafi in WordPress Plugin Thrive Apprentice versions 10.8.10.2...

Patchstack•added 2026/06/04 2:47 p.m.•5 views

WordPress Moderno theme < 1.43 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Moderno versions 1.43...

Patchstack•added 2026/06/04 2:5 p.m.•5 views

WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms versions = 1.4.3...

Patchstack•added 2026/06/04 2:5 p.m.•6 views

WordPress Integration for Contact Form 7 HubSpot plugin <= 1.3.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin Integration for Contact Form 7 HubSpot versions = 1.3.7...

Patchstack•added 2026/06/04 2:3 p.m.•5 views

WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.8 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms versions = 1.1.8...

Patchstack•added 2026/06/04 1:55 p.m.•4 views

WordPress Happyforms plugin <= 1.26.13 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by longnv719 in WordPress Plugin Happyforms versions = 1.26.13...