CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 5 days ago•9 views

CVE-2017-20257

Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands via the ajaxaction.flag_question task. Exploitation can occur by injecting malicious SQL through the stu_quiz_id or flag_quest parameters to manipula...

8.8CVSS6.3AI score0.00334EPSS

Cvelist•added 5 days ago•27 views

CVE-2017-20257 Joomla! Component Quiz Deluxe 3.7.4 SQL Injection

8.8CVSS0.00334EPSS

EUVD•added 5 days ago•6 views

EUVD-2017-18984

8.8CVSS6.3AI score0.00334EPSS

CVE•added 6 days ago•15 views

CVE-2026-49205

phpMyFAQ versions before 4.1.4 have Missing Authorization in the API CategoryController, where four write endpoints (POST /api/v4.0/category, POST /api/v4.0/faq, PUT /api/v4.0/faq, POST /api/v4.0/question) relied on a shared token check instead of per-user permissions. This allowed insufficient a...

6.5CVSS5.3AI score0.0024EPSS

Positive Technologies•added 6 days ago•13 views

PT-2026-50801

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.4 Description Missing authorization in the public API allows users to bypass role permission checks. The system only verifies a shared API key header via the hasValidToken function instead of validating individua...

6.5CVSS5.9AI score0.0024EPSS

Exploits0References8

FreeBSD•added 2026/06/09 12:0 a.m.•7 views

FreeBSD -- Insufficient response validation in the ldns stub resolver

Problem Description: When used as a stub resolver over UDP, ldns failed to verify that a received response belonged to the outstanding query. It did not check that the response source address and port matched the query destination, that the transaction ID matched, or that the question section of...

8.2CVSS5.6AI score0.00147EPSS

RedhatCVE•added 2026/06/05 7:14 p.m.•5 views

CVE-2026-4365

The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the deletequestionanswer function in all versions up to, and including, 4.3.2.8. The plugin exposes a wprest nonce in public frontend HTML lpData to unauthenticated visitors, and...

9.1CVSS5.5AI score0.00867EPSS

Exploits0References1

Packet Storm News•added 2026/06/05 12:0 a.m.•18 views

RecurGuard: Runtime Monitoring for Reasoning-Token Consumption Attacks

Reasoning-capable large language models can be induced to spend their generation budget on injected decoy tasks rather than answering the user's question, causing denial of service when no final answer is produced and denial of wallet when excess output tokens are billed. Input-side safety...

5.6AI score

CVE•added 2026/05/28 2:13 p.m.•21 views

CVE-2026-35672

CVE-2026-35672 affects phpMyFAQ prior to 4.1.3 where the default API client token is an empty string. The authentication check compares the configured token to the request header x-pmf-token and uses strict inequality; if the header is empty, authentication is bypassed. This allows unauthenticate...

8.7CVSS5.8AI score0.00384EPSS

Vulnrichment•added 2026/05/28 2:13 p.m.•8 views

CVE-2026-35672 phpMyFAQ - Authentication Bypass via Empty API Token

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via PO...

8.7CVSS5.8AI score0.00384EPSS

Akamai Blog•added 2026/05/27 9:0 a.m.•7 views

Distributed AI Inference: Why Placement Is the New Bottleneck

In real AI systems, bottlenecks don't disappear, they move. Learn about why inference placement, not raw compute, is the decisive infrastructure question...

5.8AI score

NVD•added 2026/05/27 7:16 a.m.•10 views

CVE-2026-8040

The faq shortocde plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in the 'faq' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS0.00187EPSS

Exploits0References3

CNNVD•added 2026/05/26 12:0 a.m.•6 views

MaxKB 安全漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from access control flaws in the API for retrieving OSS file service URLs, which...

5.3CVSS5.9AI score0.00207EPSS

Exploits0References1

CNNVD•added 2026/05/26 12:0 a.m.•7 views

MaxKB 代码问题漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.8.1 contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability in the OSS file service URL retrieval...

6.3CVSS5.9AI score0.00232EPSS

Packet Storm News•added 2026/05/23 12:0 a.m.•9 views

CyberMaskQA: A Privacy-Aware Benchmark for Evaluating Large Language Models in Cybersecurity Question Answering

Large language models LLMs are increasingly applied to cybersecurity question answering QA for critical tasks such as incident response and vulnerability analysis. However, real-world operational contexts, including system logs and network configurations, inherently contain sensitive identifiers,...

5.8AI score