CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/27 12:0 a.m.•4 views

Phoenix Contact多款产品代码问题漏洞

PHOENIX CONTACT AXC F 1152 and PHOENIX CONTACT AXC F 2152 are controller devices from the German company PHOENIX CONTACT. Several products from Phoenix Contact have code vulnerabilities. These vulnerabilities allow low-privilege local users to manipulate configuration or application-related files...

8.7CVSS5.9AI score0.00033EPSS

RedhatCVE•added 2026/05/21 7:57 p.m.•2 views

CVE-2026-8469

Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenixstorybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.toatom/1 without...

8.2CVSS5.8AI score0.00056EPSS

RedhatCVE•added 2026/05/21 7:57 p.m.•3 views

CVE-2026-47068

Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenixstorybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handleparams/3 in lib/phoenixstorybook/live/story/componentiframelive.ex read...

RedhatCVE•added 2026/05/21 7:57 p.m.•5 views

CVE-2026-8467

Code Injection vulnerability in phenixdigital phoenixstorybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation. The psb-assign WebSocket event handler in 'Elixir.PhoenixStorybook.Story.PlaygroundPreviewLive':handleevent/3...

NVD•added 2026/05/20 2:17 p.m.•7 views

CVE-2026-8469

8.2CVSS0.00056EPSS

NVD•added 2026/05/20 2:17 p.m.•7 views

CVE-2026-8467

9.5CVSS0.00406EPSS

NVD•added 2026/05/20 2:17 p.m.•6 views

CVE-2026-47068

2.3CVSS0.00054EPSS

Vulnrichment•added 2026/05/20 1:35 p.m.•3 views

CVE-2026-47068 Cross-session PubSub topic injection via URL parameter in phoenix_storybook

CVE•added 2026/05/20 1:35 p.m.•8 views

CVE-2026-47068

The vulnerability is an Authorization Bypass in phoenix_storybook: Elixir.PhoenixStorybook.Story.ComponentIframeLive reads topic from params and broadcasts the iframe process PID on that PubSub topic without verifying session ownership, enabling cross-session topic injection. An attacker can load...

Cvelist•added 2026/05/20 1:35 p.m.•36 views

CVE-2026-47068 Cross-session PubSub topic injection via URL parameter in phoenix_storybook

2.3CVSS0.00054EPSS

OSV•added 2026/05/20 1:35 p.m.•1 views

EEF-CVE-2026-47068 Cross-session PubSub topic injection via URL parameter in phoenix_storybook

Summary Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenixstorybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handleparams/3 in...

EUVD•added 2026/05/20 1:35 p.m.•3 views

EUVD-2026-31111

ATTACKERKB•added 2026/05/20 1:35 p.m.•4 views

CVE-2026-47068

Exploits0References5Affected Software1

ATTACKERKB•added 2026/05/20 1:35 p.m.•7 views

CVE-2026-8467

Exploits0References5Affected Software1

Vulnrichment•added 2026/05/20 1:35 p.m.•4 views

CVE-2026-8467 Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground

OSV•added 2026/05/20 1:35 p.m.•1 views

EEF-CVE-2026-8467 Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground

Summary Code Injection vulnerability in phenixdigital phoenixstorybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation. The psb-assign WebSocket event handler in...

EUVD•added 2026/05/20 1:35 p.m.•5 views

EUVD-2026-31112

Cvelist•added 2026/05/20 1:35 p.m.•33 views

CVE-2026-8467 Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground

9.5CVSS0.00406EPSS