CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/05/20 3:35 p.m.•8 views

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' in the admin console endpoints such as /web/configuration/virtualServerEdit.jsf. An attacker can execute arbitrary syst...

9.1CVSS6AI score0.00819EPSS

Exploits1References3

NVD•added 2026/05/20 2:17 p.m.•16 views

CVE-2026-47068

Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenixstorybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handleparams/3 in lib/phoenixstorybook/live/story/componentiframelive.ex read...

2.3CVSS0.00449EPSS

Vulnrichment•added 2026/05/20 1:35 p.m.•6 views

CVE-2026-47068 Cross-session PubSub topic injection via URL parameter in phoenix_storybook

ATTACKERKB•added 2026/05/20 1:35 p.m.•8 views

CVE-2026-47068

Exploits0References5Affected Software1

OSV•added 2026/05/20 1:35 p.m.•5 views

EEF-CVE-2026-47068 Cross-session PubSub topic injection via URL parameter in phoenix_storybook

Summary Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenixstorybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handleparams/3 in...

CVE•added 2026/05/20 1:35 p.m.•23 views

CVE-2026-47068

The vulnerability is an Authorization Bypass in phoenix_storybook: Elixir.PhoenixStorybook.Story.ComponentIframeLive reads topic from params and broadcasts the iframe process PID on that PubSub topic without verifying session ownership, enabling cross-session topic injection. An attacker can load...

RedHat Linux•added 2026/05/20 11:36 a.m.•11 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7CVSS7AI score0.00216EPSS

Exploits0References7

RedHat Linux•added 2026/05/20 11:27 a.m.•10 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

7CVSS7AI score0.00216EPSS

Exploits0References7

GithubExploit•added 2026/05/20 8:36 a.m.•85 views

HOV4X

HOV4X HOVAX - 45 Modules Security Toolkit for Penetration Test...

9.8CVSS7AI score0.99677EPSS

Exploits100

GithubExploit•added 2026/05/20 8:12 a.m.•69 views

Exploit for Improper Handling of Length Parameter Inconsistency in Linux Linux_Kernel

CVE-2026-31635...

7.5CVSS6AI score0.00817EPSS

Exploits4

Vulnrichment•added 2026/05/20 7:41 a.m.•6 views

CVE-2026-9059 NextGEN Gallery - SQL Injection

NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function 'cleancolumn' in the data mapper layer that uses a...

9.3CVSS6AI score0.00287EPSS

Exploits0References1

ATTACKERKB•added 2026/05/20 7:41 a.m.•6 views

CVE-2026-9059

9.3CVSS6AI score0.00287EPSS

CVE•added 2026/05/20 7:41 a.m.•16 views

CVE-2026-9059

NextGEN Gallery (WordPress) versions prior to 4.2.1 are vulnerable to an authenticated SQL injection. The issue is in the data mapper layer where _clean_column() uses a blacklist instead of a whitelist, allowing an authenticated attacker with the Administrator role (NextGEN Gallery overview capab...

9.3CVSS6AI score0.00287EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в mercurial

A vulnerability was discovered in Mercurial SCM 4.5.3/71.19.145.211. This vulnerability is considered problematic. It affects unknown code within the Web Interface component. Manipulating the cmd argument leads to cross-site scripting attacks. The attack can be initiated remotely. The exploit has...

5.3CVSS5.1AI score0.00486EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fixed parameter validation for packet data Since commit 9c328f54741b “net: nfc: nci: Added parameter validation for packet data”, communication with nci/nfc chips no longer works. The mentioned commit attempted to...

8.3CVSS5.3AI score0.00269EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в docker-registry

A flaw was discovered in the /v2/catalog endpoint located in the distribution/distribution directory. This endpoint accepts a parameter that controls the maximum number of records to be returned query string: n. This vulnerability allows a malicious user to submit an excessively large value for n...

6.5CVSS6.6AI score0.00938EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в openssl

Issue summary: Checking excessively long DH keys or parameters can be very slow. Applications that use functions such as DHcheck, DHcheckex, or EVPPKEYparamcheck to check DH keys or parameters may experience prolonged delays. If the keys or parameters being checked were obtained from an untrusted...

5.3CVSS6.8AI score0.02577EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: locking/csdlock: The csdlockdebug parameter should be changed from earlyparam to setup. The csdlockdebug kernel-boot parameter is processed by the earlyparam function csdlockdebug. If this parameter is set, csdlockdebug invokes...

5.5CVSS5.7AI score0.00203EPSS