193 matches found

RedhatCVE
added 3 days ago, 5 views

CVE-2026-5335

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...

CVSS 5.3, AI score 5.5, EPSS 0.00013
Exploits: 0, References: 1

Cvelist
added 3 days ago, 23 views

CVE-2026-45290 Cloudburst Network has DoS in RakNet connection handling due to missing bound checks

Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to 1.0.0.CR3-20260417.085727-30 impacts publicly accessible software depending on the affected versions of Network and allows an attacker to exploit a vulnerability in Network to stal...

CVSS 7.5, EPSS 0.0004
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/28 6:22 p.m., 5 views

CVE-2026-45332

Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcrypt password hash of every administrator account with a single POST request. The...

CVSS 7.5, AI score 5.8, EPSS 0.00058
Exploits: 1, References: 2, Affected Software: 1

NVD
added 2026/05/08 3:16 p.m., 7 views

CVE-2026-41576

Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible, with no authentication required. User-supplied message text is passed through PHP's nl2br function, which converts newlines to <br> tags but does not escape HTML. The resulting string is then passed to a Blade...

CVSS 7.1, EPSS 0.0008
Exploits: 0, References: 2

Positive Technologies
added 2026/05/06 12:0 a.m., 5 views

PT-2026-37635

HCL BigFix Service Management SM had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality...

CVSS 3.7, AI score 5.8, EPSS 0.00036
Exploits: 0, References: 2

ATTACKERKB
added 2026/05/04 6:0 a.m., 1 view

CVE-2026-5335

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...

CVSS 5.3, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 1

Cvelist
added 2026/05/04 6:0 a.m., 28 views

CVE-2026-5335 Magic Export & Import < 1.2.0 - Unauthenticated PII Disclosure

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...

EPSS 0.00013
Exploits: 0, References: 1

EUVD
added 2026/05/04 6:0 a.m., 6 views

EUVD-2026-26906

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...

CVSS 5.3, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 1

Positive Technologies
added 2026/05/04 12:0 a.m., 4 views

PT-2026-36778

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...

AI score 5.8, EPSS 0.00013
Exploits: 0, References: 2

RedhatCVE
added 2026/04/03 11:1 p.m., 2 views

CVE-2026-34735

The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. In version 1.2.0 and prior, the quickUpload endpoint validates uploaded files by checking their MIME type via PHP's finfo, which inspects file contents but constructs the stored filename using the...

CVSS 8.7, AI score 6, EPSS 0.00081
Exploits: 0, References: 1

CVE
added 2026/04/01 6:0 a.m., 7 views

CVE-2026-2696

The CVE-2026-2696 entry concerns the WordPress plugin Export All URLs (versions before 5.1). Affected component: the plugin’s CSV filename generation uses a predictable pattern based on a random 6‑digit number, and exported CSVs are stored in publicly accessible wp-content/uploads. This enables a...

CVSS 5.3, AI score 5.9, EPSS 0.00041
Exploits: 0, References: 1

RedhatCVE
added 2026/03/26 3:18 p.m., 1 view

CVE-2025-55043

MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality csettings.cfc createBundle method that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerabili...

CVSS 6.5, AI score 5.6, EPSS 0.00039
Exploits: 0, References: 1

RedhatCVE
added 2026/03/26 3:7 p.m., 1 view

CVE-2026-28204

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVSS 6.9, AI score 5.8, EPSS 0.00057
Exploits: 0, References: 1

EUVD
added 2026/03/21 12:31 a.m., 1 view

EUVD-2026-13857

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVSS 6.9, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 3

EUVD
added 2026/03/21 12:31 a.m., 2 views

EUVD-2026-13850

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVSS 6.9, AI score 5.8, EPSS 0.00057
Exploits: 0, References: 4

NVD
added 2026/03/20 11:16 p.m., 1 view

CVE-2026-31926

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVSS 6.9, EPSS 0.00017
Exploits: 0, References: 2

NVD
added 2026/03/20 11:16 p.m., 2 views

CVE-2026-28204

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVSS 6.9, EPSS 0.00057
Exploits: 0, References: 3

CVE
added 2026/03/20 11:6 p.m., 6 views

CVE-2026-31926

Technical details about CVE-2026-31926 are not publicly available in the provided documents. Monitor for updates from vendors and CSIRTs.

CVSS 6.9, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 2

ATTACKERKB
added 2026/03/20 10:47 p.m., 3 views

CVE-2026-28204

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVSS 6.9, AI score 5.8, EPSS 0.00057
Exploits: 0, References: 4

CVE
added 2026/03/20 10:47 p.m., 9 views

CVE-2026-28204

Technical details are not publicly available in the provided documents. The records only state that charging station authentication identifiers are publicly accessible via mapping platforms. Monitor for updates; no root cause or remediation details are provided here.

CVSS 6.9, AI score 5.8, EPSS 0.00057
Exploits: 0, References: 3