CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/06/01 12:0 a.m.•12 views

PT-2026-45489

Summary Type: Insecure Direct Object Reference. The project CRUD endpoints GET / PATCH / DELETE /workspaces/workspace id/projects/project id and GET .../project id/stats gate access on require workspace memberworkspace id only, then resolve project id through ProjectService.getproject id /...

8.1CVSS5.8AI score0.00032EPSS

Positive Technologies•added 2026/06/01 12:0 a.m.•10 views

PT-2026-45651

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description An Insecure Direct Object Reference IDOR issue in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users. This occurs due to insufficie...

5.4CVSS5.5AI score0.00024EPSS

Exploits0References4

Tenable Nessus•added 2026/06/01 12:0 a.m.•11 views

Debian dsa-6312 : php-symfony - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6312 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6312-1 [email protected] https://www.debian.org/securit...

7.3CVSS7.4AI score0.86622EPSS

Exploits0References46

CNNVD•added 2026/06/01 12:0 a.m.•5 views

Kiteworks security vulnerabilities

Kiteworks is a secure private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.3.0 contained security vulnerabilities. These vulnerabilities were caused by insecure direct object references, which could allow authenticated users to...

3.7CVSS5.8AI score0.00033EPSS

CNNVD•added 2026/06/01 12:0 a.m.•6 views

Kiteworks security vulnerabilities

4.3CVSS5.8AI score0.00031EPSS

CNNVD•added 2026/06/01 12:0 a.m.•8 views

Kiteworks security vulnerabilities

5.4CVSS5.8AI score0.00024EPSS

CNNVD•added 2026/06/01 12:0 a.m.•6 views

Logback security vulnerabilities

Logback is a reliable, versatile, fast, and flexible Java logging framework developed by QOS.CH. Versions of Logback prior to 1.5.33 contain security vulnerabilities, which stem from the deserialization of untrusted data. This can lead to object injection, even though strict restrictions are in...

6.3CVSS5.8AI score0.00113EPSS

Positive Technologies•added 2026/06/01 12:0 a.m.•9 views

PT-2026-45488

Summary Type: Insecure Direct Object Reference. The comment endpoints POST /workspaces/workspace id/issues/issue id/comments and GET .../comments gate access on require workspace memberworkspace id only, then call CommentService.createissue id=issue id, ... and CommentService.list for issueissue ...

8.1CVSS5.9AI score0.00032EPSS

Metasploit•added 2026/05/31 7:2 p.m.•92 views

Windows Kernel Pointer Exposure Enumerator

This module enumerates kernel object pointers exposed via NtQuerySystemInformation with SystemExtendedHandleInformation. It categorizes exposed pointers by object type and provides observational data about kernel address space layout for research and educational purposes. Module Options msf use...

5.8AI score

Positive Technologies•added 2026/05/31 12:0 a.m.•9 views

PT-2026-45221

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated remotely...

6.5CVSS6.4AI score0.00031EPSS

Exploits0References6

Rockylinux•added 2026/05/30 6:3 p.m.•13 views

firefox security update

An update is available for firefox. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...

9.8CVSS5.9AI score0.00109EPSS

SUSE CVE•added 2026/05/30 2:15 a.m.•8 views

SUSE CVE-2026-10016

Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00139EPSS

RedhatCVE•added 2026/05/30 2:12 a.m.•9 views

CVE-2026-44794

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables,...

5.4CVSS5.8AI score0.00023EPSS

Microsoft CVE•added 2026/05/29 11:21 p.m.•8 views

Chromium: CVE-2026-10016 Use after free in DOM

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS5.8AI score0.00139EPSS

Microsoft CVE•added 2026/05/29 11:19 p.m.•7 views

Chromium: CVE-2026-9897 Use after free in DOM

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS5.8AI score0.00139EPSS