CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7569 matches found

CVE•added 2026/04/01 9:30 p.m.•3 views

CVE-2026-34570

CI4MS is a CodeIgniter 4-based CMS skeleton. Before 0.31.0.0, it does not immediately revoke active sessions when an account is deleted due to a backend logic flaw that enforces account state changes only during login, leaving existing sessions trusted. There is no session or account expiration m...

8.8CVSS5.8AI score0.00035EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/04/01 8:41 p.m.•2 views

CVE-2026-34530 File Browser is vulnerable to Stored Cross-Site Scripting via text/template branding injection

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the SPA index page in File Browser is vulnerable to Stored Cross-Site Scripting XSS via admin-controlled branding fields. An admin who...

6.9CVSS5.8AI score0.0003EPSS

Exploits1References2

RedhatCVE•added 2026/04/01 7:21 a.m.•0 views

CVE-2026-33987

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A memory corruption vulnerability exists in the persistent cache handling. If a memory reallocation fails, an internal size variable is incorrectly updated, while the data pointer still refers to the original,...

7.8CVSS6.1AI score0.00022EPSS

Exploits0References5

OSV•added 2026/04/01 12:13 a.m.•0 views

GHSA-37FQ-47QJ-6J5J YesWiki has Persistent Blind XSS at "/?BazaR&vue=consulter"

Summary A stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected page, the JavaScript payload gets executed. Type: Stored an...

7.1CVSS6AI score0.00082EPSS

Exploits1References4

OSV•added 2026/04/01 12:9 a.m.•3 views

GHSA-V77R-XG3P-75G7 CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via Methods Management Fields Global Persistent Payload Execution - Stored Cross-Site Scripting via Unsanitized Method Creation and Management Inputs - Automatic Execution Across All Pages Where Method Is Rendered in Navigation Description The application fai...

9.1CVSS6.3AI score0.00025EPSS

Exploits1References3

Positive Technologies•added 2026/04/01 12:0 a.m.•20 views

PT-2026-29496

7.1CVSS6.1AI score0.00082EPSS

Exploits1References7

OSV•added 2026/04/01 12:0 a.m.•1 views

ASB-A-456471290

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.2CVSS6AI score0.00007EPSS

Exploits0References3

Snyk•added 2026/03/31 11:45 p.m.•3 views

Cross-site Scripting (XSS)

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the branding.name field on SPA index page in File Browser. An attacker can execute arbitrary JavaScript in the context of all users, includin...

6.9CVSS6AI score0.0003EPSS

Exploits1References2

SUSE CVE•added 2026/03/31 11:27 p.m.•3 views

SUSE CVE-2026-33987

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistentcachereadentryv3 in libfreerdp/cache/persistent.c, persistent-bmpSize is updated before winpralignedrecalloc. If realloc fails, bmpSize is inflated while bmpData points to the old buffer. This...

5.5CVSS5.8AI score0.00022EPSS

Exploits0References4

Microsoft Secure•added 2026/03/31 5:0 p.m.•2 views

The threat to critical infrastructure has changed. Has your readiness?

Critical infrastructure CI organizations underpin national security, public safety, and the economy. In 2026, the cyber threat landscape facing these sectors is structurally different than it was even two years ago. What Microsoft Threat Intelligence is observing across critical infrastructure...

6AI score

Exploits0

Microsoft Secure•added 2026/03/31 5:0 p.m.•2 views

The threat to critical infrastructure has changed. Has your readiness?

5.9AI score

Exploits0

NVD•added 2026/03/31 9:16 a.m.•1 views

CVE-2026-3107

Stored Cross-Site Scripting XSS in Teampass versions prior to 3.1.5.16, affecting the password manager's password import functionality at the endpoint 'redacted/index.php?page=items'. The application fails to properly sanitize and encode user-input data during the import process, allowing malicio...

9.3CVSS0.00039EPSS

Exploits0References1

RedHat Linux•added 2026/03/31 7:30 a.m.•1 views

Important: Red Hat Security Advisory: Red Hat OpenShift API for Data Protection

A new version of OpenShift API for Data Protection OADP is now available. OpenShift API for Data Protection OADP enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and...

7.5CVSS7.1AI score0.00045EPSS

Exploits1References4

NVD•added 2026/03/30 10:16 p.m.•4 views

CVE-2026-33987

7.1CVSS0.00022EPSS

Exploits0References2

CVE•added 2026/03/30 9:43 p.m.•10 views

CVE-2026-33987

CVE-2026-33987 is documented by Debian as “Persistent Cache bmpSize Desync - Heap OOB Write.” The connected document provides this descriptor but no additional technical details (affected product, versions, exploitation status, or fixes). Therefore, current information confirms a heap-based out-o...

7.1CVSS5.8AI score0.00022EPSS

Exploits0References2Affected Software1