CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7637 matches found

Positive Technologies•added 2026/05/21 12:0 a.m.•7 views

PT-2026-42678

Name of the Vulnerable Software and Affected Versions NocoDB affected versions not specified Description An authorization bypass occurs because shared-base sessions are granted the same capabilities as authenticated viewers. By using the shared-base UUID xc-shared-base-id, an attacker can enumera...

5.8CVSS5.9AI score0.00037EPSS

Exploits0References5

ATTACKERKB•added 2026/05/20 8:7 p.m.•4 views

CVE-2026-9144

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields...

8.4CVSS5.9AI score0.00441EPSS

Exploits0References3

Vulnrichment•added 2026/05/20 8:7 p.m.•6 views

CVE-2026-9144 Taiko AG1000-01A Rev 7.3/8 Stored XSS via Web Configuration Interface

8.4CVSS5.9AI score0.00441EPSS

Exploits0References2

EUVD•added 2026/05/20 8:7 p.m.•8 views

EUVD-2026-31191

8.4CVSS5.9AI score0.00441EPSS

Exploits0References2

OSV•added 2026/05/20 4:44 p.m.•4 views

MAL-2026-4186 Malicious code in @doctolib-apps/native-personalized-services (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac2da4b8de2ea081f8fe7b84ef6182ab363616dc0515aaa03368bcba4a4b8e76 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в 389-ds-base

A double-free was detected in the way that 389-ds-base handles virtual attribute contexts during persistent searches. An attacker could send a series of search requests, causing the server to behave unexpectedly and potentially crashing it...

7.5CVSS6.8AI score0.02038EPSS

Exploits0References2

OSV•added 2026/05/20 1:0 a.m.•5 views

MAL-2026-4532 Malicious code in code-tool-langfuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13591fd81486fc2001b5c998ff87badefcb81f4c396aa43675a7280a6fed23cf The package installs a Claude Code Stop hook and patches OpenCode plugin code so that every future AI session's user prompts, assistant responses, to...

5.8AI score

Exploits0References5

Positive Technologies•added 2026/05/20 12:0 a.m.•10 views

PT-2026-42264

8.4CVSS5.9AI score0.00441EPSS

Exploits0References3

NVD•added 2026/05/19 6:16 p.m.•14 views

CVE-2026-47107

Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...

8.6CVSS0.0024EPSS

Exploits0References4

EUVD•added 2026/05/19 4:42 p.m.•14 views

EUVD-2026-30958

9.6CVSS6AI score0.0024EPSS

Exploits0References4

RedHat Linux•added 2026/05/19 4:22 p.m.•9 views

FreeRDP: FreeRDP: Memory corruption vulnerability allows denial of service or arbitrary code execution

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A memory corruption vulnerability exists in the persistent cache handling. If a memory reallocation fails, an internal size variable is incorrectly updated, while the data pointer still refers to the original,...

7.1CVSS6AI score0.001EPSS

Exploits0References6

CVE•added 2026/05/19 12:35 a.m.•19 views

CVE-2026-33232

The CVE-2026-33232 flaw affects AutoGPT Platform (versions 0.4.2–0.6.51). The issue is an unauthenticated DoS caused by the download_agent_file endpoint creating persistent temporary files per request and failing to delete them after serving, enabling an unauthenticated attacker to repeatedly exh...

7.5CVSS5.8AI score0.00396EPSS

Exploits0References2

EUVD•added 2026/05/19 12:35 a.m.•14 views

EUVD-2026-30819

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service DoS through the server due to uncontrolled disk space consumption. The downloadagentfile...

7.5CVSS5.8AI score0.00396EPSS

Exploits0References2

OSV•added 2026/05/19 12:0 a.m.•3 views

MAL-2026-3967 Malicious code in @antv/g-webgpu (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score

Exploits0References5

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•11 views

Malicious code in @antv/f2-wx (npm)

5.8AI score

Exploits0References4

Positive Technologies•added 2026/05/19 12:0 a.m.•7 views

PT-2026-42018

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability exists in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable method interpolates $role-name and...

4.8CVSS5.8AI score0.00216EPSS

Exploits0References3

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•12 views

Malicious code in @antv/github-config-cli (npm)

5.8AI score

Exploits0References4

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•9 views

Malicious code in @antv/gi-sdk (npm)

5.8AI score

Exploits0References4

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•9 views

Malicious code in @antv/smart-color (npm)