CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2 days ago•9 views

CVE-2026-56385

Craft CMS versions = 5.0.0-RC1, = 4.0.0-RC1, = 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. The action does not enforce per-asset view authorization before returning preview content, allowing an authenticated low-privileged user to supply a controlled assetId for an...

5.3CVSS

Exploits0References3

Cvelist•added 2 days ago•29 views

CVE-2026-56385 Craft CMS - Authorization Bypass in assets/preview-file Endpoint

5.3CVSS

Exploits0References3

Github Security Blog•added 2026/06/16 9:5 p.m.•5 views

Daytona: Public sandbox previews remain accessible for up to one hour after being made private

Summary Sandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached visibility state that was not invalidated when the sandbox's visibility changed. Impact When a sandbox owner changed a preview from...

7CVSS5.8AI score0.00207EPSS

Exploits0References2Affected Software1

Microsoft KB•added 2026/06/09 2:0 p.m.•136 views

June 9, 2026—KB5095051 (OS Build 28000.2269)

June 9, 2026—KB5095051 OS Build 28000.2269 This cumulative update for Windows 11, version 26H1 KB5095051 includes the latest security fixes and improvements, along with non-security updates from last month's optional preview release. Visit the Windows release health dashboard for the latest...

9.8CVSS6.3AI score0.02536EPSS

Exploits2

RedhatCVE•added 2026/06/05 7:29 p.m.•6 views

CVE-2026-31956

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated user can manually construct a URL to preview campaigns/regions, and export saved reports belonging to other users. Exploitation of th...

4.3CVSS5.5AI score0.00193EPSS

RedhatCVE•added 2026/06/05 7:12 p.m.•6 views

CVE-2026-44669

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

8.7CVSS5.3AI score0.00211EPSS

Tenable Nessus•added 2026/05/30 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-44836

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives ...

6.5CVSS5.9AI score0.00343EPSS

Exploits0References3

NVD•added 2026/05/28 1:16 p.m.•15 views

CVE-2026-9818

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0

RedhatCVE•added 2026/05/27 8:13 p.m.•10 views

CVE-2026-44667

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

RedhatCVE•added 2026/05/27 2:12 a.m.•10 views

CVE-2026-9078

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

5.4CVSS5.8AI score0.00199EPSS

EUVD•added 2026/05/26 7:43 p.m.•10 views

EUVD-2026-31972

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview...

6.5CVSS5.9AI score0.00343EPSS

NVD•added 2026/05/26 6:16 p.m.•14 views

CVE-2026-44667

8.7CVSS0.00211EPSS

EUVD•added 2026/05/26 5:43 p.m.•12 views

EUVD-2026-31943

ATTACKERKB•added 2026/05/26 5:43 p.m.•6 views

CVE-2026-44669

Exploits0References3Affected Software1

Cvelist•added 2026/05/26 5:43 p.m.•27 views

CVE-2026-44669 Faction: Stored XSS in Assessment Attachment Filename Preview Rendering

8.7CVSS0.00211EPSS

CVE•added 2026/05/26 5:43 p.m.•19 views

CVE-2026-44669

CVE-2026-44669 affects FACTION, a PenTesting Report Generation and Collaboration Framework. Before version 1.8.3, it is vulnerable to stored XSS in attachment filenames used in the assessment file preview flow. User-supplied filename values are persisted server-side and later rendered into HTML/a...

Cvelist•added 2026/05/26 5:42 p.m.•35 views

CVE-2026-44667 Faction: Stored XSS in Remediation Verification Attachment Filename Preview Rendering

8.7CVSS0.00211EPSS

EUVD•added 2026/05/26 5:42 p.m.•9 views

EUVD-2026-31942