CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 53 minutes ago•2 views

CVE-2026-47170 Garlic-Hub: SSRF vulnerability in uploadFromUrl endpoint

7.7CVSS

Nuclei•added 15 hours ago•40 views

OsTicket < 1.14.3 - Server Side Request Forgery

SSRF vulnerability exists in osTicket before 1.14.3, allowing an attacker to add malicious files to the server or perform port scanning. id: CVE-2020-24881 info: name: OsTicket 1.14.3 - Server Side Request Forgery author: hnd3884 severity: critical description: | SSRF vulnerability exists in...

9.8CVSS7.7AI score0.91343EPSS

Exploits3References2

GithubExploit•added 4 days ago•51 views

bugbounty-toolkit

🎯 Bug Bounty Recon Toolkit Automated recon toolkit for author...

5.5AI score

RedhatCVE•added 6 days ago•6 views

CVE-2026-33234

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogptplatform/backend/backend/blocks/emailblock.py accepts a user-supplied smtpserver string and smtpport integer as...

5CVSS5.6AI score0.00042EPSS

Exploits0References1

RedhatCVE•added 6 days ago•6 views

CVE-2026-40566

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery SSRF vulnerability in the IMAP/SMTP connection test functionality of FreeScout's MailboxesController. Three AJAX actions fetchtest line 731, sendtest line 682, and imapfolder...

4.1CVSS5.6AI score0.00033EPSS

Exploits0References1

RedhatCVE•added 6 days ago•7 views

CVE-2026-40500

ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...

6.8CVSS5.6AI score0.00013EPSS

Exploits0References1

GithubExploit•added 2026/06/02 3:28 p.m.•61 views

-CyberPentest-Plugin-Claude-Code

🔐 CyberPentest Plugin — Claude Code Plugin de pentest offen...

9.8CVSS7.2AI score0.94053EPSS

Exploits54

GithubExploit•added 2026/06/01 9:19 a.m.•53 views

web-enumerator

🔍 Web Enumeration & Attack Testing Tool A professional‑grade...

GithubExploit•added 2026/05/27 4:29 p.m.•60 views

ModuScan

| / | | | /...

GithubExploit•added 2026/05/27 8:5 a.m.•52 views

PHANTOM_old

PHANTOM Autonomous Penetration Testing Framework Recon -...

GithubExploit•added 2026/05/27 8:5 a.m.•73 views

PHANTOM

PHANTOM Autonomous Penetration Testing Framework Recon -...

GithubExploit•added 2026/05/23 12:43 p.m.•43 views

WannaCry-Netscanner

WannaCryNetScanner A simple python scanner to detect vulnerabl...

CVE•added 2026/05/20 7:5 p.m.•8 views

CVE-2026-39310

Trilium Notes Desktop (Electron) prior to 0.102.2 suffers an authentication bypass in the Clipper API. In versions 0.102.1 and earlier (Desktop v0.101.3), Trilium disables authentication middleware for the Clipper API when running in Electron, exposing endpoints such as /api/clipper/notes to the ...

8.6CVSS5.8AI score0.00072EPSS

GithubExploit•added 2026/05/20 8:8 a.m.•66 views

Luban-2040-v2

🛡️ Luban 2040 v2 Advanced Reconnaissance & Vulnerability...

10CVSS7.3AI score0.9438EPSS

Exploits75

AstraLinux•added 2026/05/20 5:53 a.m.•7 views

Astra Linux - уязвимость в python2.7, python3.7

A flaw was discovered in Python, specifically in the FTP File Transfer Protocol client library when operating in PASV passive mode. The issue arises from how the FTP client defaults to trusting the host based on the PASV response. This flaw allows an attacker to create a malicious FTP server that...

5.3CVSS6.8AI score0.01057EPSS