CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 4 hours ago•5 views

PT-2026-47168

A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfo backend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument device results in command injection. The attack can be executed remotely. The exploit has been release...

6.5CVSS6.2AI score

Exploits0References6

6.5CVSS5.4AI score0.00426EPSS

CVE-2026-11339

A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in command injection. It is possible to launch the attack remotely. The exploit is now public and may ...

6.5CVSS5.1AI score0.00043EPSS

CVE-2026-11336

A vulnerability has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected is an unknown function of the file dashboardpage/adminpage.php of the component Admin Interface. The manipulation of the argument...

5.3CVSS4AI score0.00036EPSS

CVE-2026-11337

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboardpage/forms/fetch.php. The manipulation of the argument...

7.5CVSS5.2AI score0.00045EPSS

CVE-2026-11344

A vulnerability was found in code-projects Vehicle Management System 1.0. This impacts an unknown function of the file newdriver.php of the component New Driver Registration Form. Performing a manipulation of the argument photo results in unrestricted upload. The attack may be initiated remotely...

RedhatCVE•added yesterday•6 views

CVE-2026-11333

A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unknown function of the file dashboardpage/forms/uploadstudentdata.php of the component Student Data...

6.5CVSS5.2AI score0.00043EPSS

RedhatCVE•added yesterday•8 views

CVE-2026-11334

A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This affects an unknown function of the file dashboardpage/forms/fetch.php. Performing a manipulation of the argument departmentcode results in...

7.5CVSS5.5AI score0.00033EPSS

NVD•added yesterday•7 views

CVE-2026-11436

A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mageai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performing a manipulation of the argument query.redirecturl results in cross site scripting. Remote...

5.3CVSS

ATTACKERKB•added yesterday•3 views

CVE-2026-11436

5.3CVSS4AI score

EUVD•added yesterday•5 views

EUVD-2026-34971

5.3CVSS4AI score

NVD•added yesterday•6 views

CVE-2026-11434

A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could...

4.8CVSS

EUVD•added yesterday•8 views

EUVD-2026-34970

A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...

7.5CVSS7AI score

Cvelist•added yesterday•11 views

CVE-2026-11435 Jinher OA nextselectplan.aspx sql injection

7.5CVSS

NVD•added yesterday•7 views

CVE-2026-11413

A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function setmacfilter of the file /sbin/jdcwebrpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

9CVSS

Cvelist•added yesterday•14 views

CVE-2026-11434 FluentCMS Blocks Plugin blocks cross site scripting

4.8CVSS

RedhatCVE•added yesterday•10 views

CVE-2026-42791

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkeyocsp:verifyresponse/5 and pubkeyocsp:isauthorizedresponder/3 in...

6.3CVSS5.5AI score0.00051EPSS

NVD•added yesterday•7 views

CVE-2026-11412

A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...

6.5CVSS0.00028EPSS

NVD•added yesterday•8 views

CVE-2026-11411

A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipulation of the argument displayname results in path traversal. The attack requires a local approach. The exploit has been...

4.8CVSS0.00015EPSS

EUVD•added yesterday•5 views

EUVD-2026-34967

6.5CVSS6.4AI score0.00028EPSS