28972 matches found

NVD, added 2026/04/07 8:16 p.m., 8 views

CVE-2026-39367

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG (Electronic Program Guide) feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epglin...

CVSS 5.4, EPSS 0.00034
Exploits: 0, References: 2
CVE, added 2026/04/07 7:50 p.m., 3 views

CVE-2026-32862

NI LabVIEW contains a memory corruption vulnerability (CVE-2026-32862) caused by an out-of-bounds write in ResFileFactory::InitResourceMgr(). The issue can lead to information disclosure or arbitrary code execution and requires a user to open a specially crafted VI file. Affected products: NI Lab...

CVSS 8.5, AI score 6.2, EPSS 0.00022
Exploits: 0, References: 1, Affected Software: 1
ATTACKERKB, added 2026/04/07 7:22 p.m., 2 views

CVE-2026-39367

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG (Electronic Program Guide) feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epglin...

CVSS 5.4, AI score 5.8, EPSS 0.00034
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment, added 2026/04/07 7:22 p.m., 0 views

CVE-2026-39367 WWBN AVideo has Stored XSS via Malicious EPG XML Program Titles in AVideo EPG Page

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG (Electronic Program Guide) feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epglin...

CVSS 5.4, AI score 5.8, EPSS 0.00034
Exploits: 0, References: 2
Cvelist, added 2026/04/07 7:22 p.m., 18 views

CVE-2026-39367 WWBN AVideo has Stored XSS via Malicious EPG XML Program Titles in AVideo EPG Page

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG (Electronic Program Guide) feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epglin...

CVSS 5.4, EPSS 0.00034
Exploits: 0, References: 2
Positive Technologies, added 2026/04/07 12:00 a.m., 3 views

PT-2026-30986

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG (Electronic Program Guide) feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epg li...

CVSS 5.4, AI score 5.8, EPSS 0.00034
Exploits: 0, References: 5
RedhatCVE, added 2026/04/06 5:00 p.m., 0 views

CVE-2026-34612

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra's default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution (RCE) in the following endpoint: "GET /api/v1/main/flows/search". Once a user is authenticated,...

CVSS 9.9, AI score 6.1, EPSS 0.00067
Exploits: 1, References: 1
MSRC, added 2026/04/06 12:00 a.m., 2 views

Congratulations to the top MSRC 2026 Q1 security researchers!

Congratulations to all the researchers recognized in this quarter's Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers...

AI score 5.9
Exploits: 0
Snyk, added 2026/04/04 1:21 a.m., 2 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection in the GET /api/v1/main/flows/search endpoint. An attacker can execute arbitrary operating system commands by injecting malicious SQL payloads that leverage PostgreSQL's COPY ... TO PROGRAM ... functionality after...

CVSS 9.9, AI score 6.2, EPSS 0.00067
Exploits: 2, References: 2
Positive Technologies, added 2026/04/04 12:00 a.m., 2 views

PT-2026-30348

NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a crafted payload containing 388 bytes of data followed by 4 bytes of EIP overwrite into the...

CVSS 6.9, AI score 6.2, EPSS 0.00018
Exploits: 1, References: 3
NVD, added 2026/04/03 11:17 p.m., 1 view

CVE-2026-34612

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra's default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution (RCE) in the following endpoint: "GET /api/v1/main/flows/search". Once a user is authenticated,...

CVSS 9.9, EPSS 0.00067
Exploits: 1, References: 3
Vulnrichment, added 2026/04/03 10:39 p.m., 0 views

CVE-2026-34612 Kestra: Remote Code Execution via SQL Injection

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra's default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution (RCE) in the following endpoint: "GET /api/v1/main/flows/search". Once a user is authenticated,...

CVSS 9.9, AI score 6.1, EPSS 0.00067
Exploits: 1, References: 3
ATTACKERKB, added 2026/04/03 10:39 p.m., 1 view

CVE-2026-34612

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra's default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution (RCE) in the following endpoint: "GET /api/v1/main/flows/search". Once a user is authenticated,...

CVSS 9.9, AI score 6.1, EPSS 0.00067
Exploits: 1, References: 4, Affected Software: 1
CVE, added 2026/04/03 10:39 p.m., 12 views

CVE-2026-34612

Kestra (open-source event-driven orchestration platform) prior to version 1.3.7 contains a SQL Injection that enables Remote Code Execution via the GET /api/v1/main/flows/search endpoint. After authentication, a crafted link can trigger payload execution by PostgreSQL using COPY ... TO PROGRAM .....

CVSS 9.9, AI score 6.1, EPSS 0.00067
Exploits: 1, References: 3, Affected Software: 1
EUVD, added 2026/04/03 10:39 p.m., 2 views

EUVD-2026-18903

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra's default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution (RCE) in the following endpoint: "GET /api/v1/main/flows/search". Once a user is authenticated,...

CVSS 9.9, AI score 6.1, EPSS 0.00067
Exploits: 1, References: 3
CVE, added 2026/04/03 9:23 p.m., 55 views

CVE-2026-27456

CVE-2026-27456 affects util-linux mount(8): a TOCTOU race in the SUID mount when setting up loop devices allows a local user to trick mount into opening a root-owned target by replacing the source path during the brief window between validation and open. Exploitation requires an /etc/fstab entry ...

CVSS 4.7, AI score 5.8, EPSS 0.00014
Exploits: 1, References: 3, Affected Software: 1
CVE, added 2026/04/03 3:16 p.m., 8 views

CVE-2025-64340

FastMCP (the MCP framework) is affected prior to version 3.2.0. A vulnerability arises when server names contain shell metacharacters (for example, &); this can trigger command injection on Windows during fastmcp install claude-code or fastmcp install gemini-cli. The install commands use subproce...

CVSS 7.8, AI score 5.8, EPSS 0.00009
Exploits: 1, References: 2, Affected Software: 1
ATTACKERKB, added 2026/04/03 3:15 p.m., 1 view

CVE-2026-23453

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode. Page recycling was removed from the XDP_DROP path in emac_run_xdp to avoid conflicts with AF_XDP zero-copy mode, which uses xsk_buff_free instead. However, this...

AI score 5.8, EPSS 0.00057
Exploits: 0, References: 3, Affected Software: 1
ICS, added 2026/04/02 6:00 a.m., 4 views

Yokogawa CENTUM VP

RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to login as the PROG user and modify permissions. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for...

CVSS 2.1, AI score 5.8, EPSS 0.00024
Exploits: 0, References: 13
Fedora, added 2026/04/02 12:43 a.m., 4 views

[SECURITY] Fedora 42 Update: bpfman-0.5.4-6.fc42

bpfman operates as an eBPF manager, focusing on simplifying the deployment and administration of eBPF programs...

CVSS 8.7, AI score 5.9, EPSS 0.00238
Exploits: 1