CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 6 days ago•8 views

CVE-2026-44285

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery SSRF vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by...

7.7CVSS0.00028EPSS

OSV•added 2026/05/26 7:31 p.m.•10 views

JLSEC-2026-549

A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file...

5.5CVSS5.8AI score0.00013EPSS

Exploits0References4

RedHat Linux•added 2026/05/26 7:42 a.m.•12 views

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

8.1CVSS6.3AI score0.00048EPSS

Exploits0References5

Tenable Nessus•added 2026/05/21 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-3073

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have...

RedHat Linux•added 2026/05/20 4:56 p.m.•5 views

Exploits0References2

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS7.2AI score0.0001EPSS

Exploits0References8

OSV•added 2026/05/18 6:10 a.m.•6 views

BIT-GITLAB-2026-3607 Access Control Check Implemented After Asset is Accessed in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass package protection rules due to improper access control...

CVE•added 2026/05/17 12:12 p.m.•9 views

Exploits0References4

CVE-2018-25334

CVE-2018-25334 concerns Zechat 1.5 with a Cross-Site Request Forgery (CSRF) vulnerability that can bypass anti-CSRF protections via the hashtag parameter, enabling an attacker to induce unauthorized changes to user data. The root cause is described as exploitation of a CSRF token mechanism when a...

5.4CVSS5.8AI score0.00015EPSS

NVD•added 2026/05/14 5:16 p.m.•8 views

CVE-2025-62313

HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions...

5.4CVSS0.00029EPSS

Cvelist•added 2026/05/14 4:7 p.m.•30 views

CVE-2025-62313 HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced.

5.4CVSS0.00029EPSS

NVD•added 2026/05/14 6:16 a.m.•3 views

CVE-2026-3073

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass PyPI package protection rules and upload restricted packages due to...

4.3CVSS0.00011EPSS

UbuntuCve•added 2026/05/14 6:16 a.m.•5 views

CVE-2026-3073

EUVD•added 2026/05/14 5:36 a.m.•5 views

Exploits0References4

EUVD-2026-30224

ATTACKERKB•added 2026/05/14 5:36 a.m.•1 views

CVE-2026-3073

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/14 5:35 a.m.•5 views

CVE-2026-3607 Access Control Check Implemented After Asset is Accessed in GitLab

CNNVD•added 2026/05/14 12:0 a.m.•4 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from incorrect configuration of certain security-related HTTP response headers. This issue may reduce the effectiveness of browser-based security controls and...

2.3CVSS5.8AI score0.00021EPSS

Positive Technologies•added 2026/05/14 12:0 a.m.•5 views

PT-2026-40861

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.6 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description Improper authorization checks allow an authenticated user with developer-role permissions to bypass...

Positive Technologies•added 2026/05/14 12:0 a.m.•4 views

Exploits0References5

PT-2026-40956

5.4CVSS5.8AI score0.00029EPSS

Exploits0References2

RedhatCVE•added 2026/05/13 8:23 p.m.•2 views

CVE-2026-8429

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections...

8.8CVSS6.6AI score0.00222EPSS