CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20544 matches found

Github Security Blog•added 55 minutes ago•3 views

Docling Core: Insufficient validation of image reference URIs

Impact In versions = 2.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible: - reject file: and data: image references from untrusted input - allow only approved local or remote image sources - apply input size and memory limits to processing workers References - Fix release: v2.74....

5.8AI score

Exploits0References3Affected Software1

NVD•added 3 hours ago•3 views

CVE-2026-46268

In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Fix p2pmemallocmmap warning condition Commit b7e282378773 has already changed the initial page refcount of p2pdma page from one to zero, however, in p2pmemallocmmap it uses "VMWARNONONCEPAGE!pagerefcountpage" to asser...

Exploits0References3

ATTACKERKB•added 6 hours ago•1 views

CVE-2026-46268

5.7AI score

Exploits0References4Affected Software1

Cvelist•added 6 hours ago•3 views

CVE-2026-46268 PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition

Exploits0References3

EUVD•added 6 hours ago•2 views

EUVD-2026-34126

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devmaddactionorreset failure the provided cleanup action will be run immediately on the not yet initialized kobject. This may lead to errors like: kobject: 'null' ff110001393608e0: i...

5.8AI score

Exploits0References2

Nuclei•added 16 hours ago•9 views

Masteriyo LMS <= 1.7.3 - Insecure Direct Object Reference

Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3. id: CVE-2024-33939 info: name: Masteriyo LMS = 1.7.3 - Insecure Direct Object Reference author:...

5.3CVSS5.8AI score0.07463EPSS

Exploits0References2

Nuclei•added 16 hours ago•13 views

Danswer - Insecure Direct Object Reference

The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/fileid interface to view any user's file. id: CVE-2024-9617 info: name: Danswer - Insecure Direct Object Reference author: s4e-io severity: medium...

6.5CVSS6.6AI score0.15556EPSS

Exploits0

Nuclei•added 16 hours ago•56 views

Zoho ManageEngine OpManager - SQL Injection

Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL...

7.5CVSS7.2AI score0.08249EPSS

Exploits1References2

Nuclei•added 16 hours ago•4 views

ionCube Tester Plus <= 1.3 - Local File Inclusion

The ionCube Tester Plus plugin for WordPress versions = 1.3 is vulnerable to unauthenticated arbitrary file read via path traversal. The 'ininame' parameter in loader-wizard.php is not properly sanitized, allowing attackers to read sensitive files such as wp-config.php and /etc/passwd without...

7.5CVSS5.9AI score0.06827EPSS

Exploits0References2

Circl•added 16 hours ago•5 views

CVE-2026-8885

creationtimestamp| type| source ---|---|--- 2026-06-03 05:15:50+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mnee4piqoh2c 2026-06-03 05:15:50+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mnee4piqoh2c...

6.4CVSS5.8AI score0.00029EPSS

Exploits0References1

NVD•added 20 hours ago•5 views

CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

7.3CVSS

Exploits0References3

Cvelist•added 21 hours ago•9 views

CVE-2026-9334 Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled

Exploits0References2

Positive Technologies•added 22 hours ago•2 views

PT-2026-46027

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devm add action or reset failure the provided cleanup action will be run immediately on the not yet initialized kobject. This may lead to errors like: kobject: 'null' ff110001393608e...

5.8AI score

Exploits0References3

NVD•added yesterday•6 views

CVE-2026-31942

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference IDOR vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...

7.1CVSS

Exploits0References1

EUVD•added yesterday•5 views

EUVD-2026-34049

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through DELETE /api/files that the owner has reused across multiple agents. The deletion removes the file globally — not just from the...

7.2CVSS5.7AI score

Exploits0References1

CVE•added yesterday•9 views

CVE-2026-31942

LibreChat (up to version 0.7.6) is affected by an Insecure Direct Object Reference (IDOR) in the API keys management endpoint (PUT /api/keys). After setting the authenticated user’s ID, an attacker can inject a userId parameter in the request body to overwrite other users’ API keys (e.g., OpenAI,...

7.1CVSS5.8AI score

Exploits0References1