CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1445 matches found

CVE-2026-35482

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the...

8CVSS0.00036EPSS

Exploits0References1

EUVD•added 2 days ago•5 views

EUVD-2026-34050

8CVSS6.1AI score0.00036EPSS

Exploits0References1

CVE•added 2 days ago•12 views

CVE-2026-35482

CVE-2026-35482 : alf.io’s extension script engine vulnerability allows an authenticated administrator to escape the Rhino sandbox and execute arbitrary OS commands on the server. The issue stems from an unguarded injected Java object (returnClass) combined with an incomplete AST blocklist, enabli...

8CVSS6.1AI score0.00036EPSS

Exploits0References1

Cvelist•added 2 days ago•29 views

CVE-2026-35482 alf.io has an Authenticated RCE via Extension Script Sandbox Escape

8CVSS0.00036EPSS

Exploits0References1

Cvelist•added 2 days ago•30 views

CVE-2024-42206 HCL iReflection Use of Third party vulnerable and outdated components issue was detected in the web application.

HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...

3.1CVSS0.00029EPSS

Exploits0References1

NVD•added 2 days ago•6 views

CVE-2026-46718

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...

6.5CVSS0.00158EPSS

Exploits0References2

Nuclei•added 2 days ago•92 views

Github Enterprise Authenticated Remote Code Execution

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

9.8CVSS7.8AI score0.69506EPSS

Exploits1References5

Nuclei•added 2 days ago•15 views

vBulletin replaceAdTemplate - Remote Code Execution

vBulletin versions 5.0.0 through 6.0.3 contain a Remote Code Execution RCE vulnerability in the ajax/api/ad/replaceAdTemplate endpoint. This flaw arises from improper use of PHP's Reflection API, allowing unauthenticated attackers to invoke protected controller methods. By injecting a crafted...

10CVSS7.7AI score0.77631EPSS

Exploits6References4

Cvelist•added 2 days ago•32 views

CVE-2026-46718 Apache Calcite: A user-controled model can load arbitrary classes, leading to code execution

0.00158EPSS

Exploits0References1

EUVD•added 2 days ago•5 views

EUVD-2026-33906

6.5CVSS5.8AI score0.00158EPSS

Exploits0References1

CVE•added 2 days ago•10 views

CVE-2026-46718

Apache Calcite is affected by CVE-2026-46718: Unsafe Reflection via a user-controlled model can load arbitrary classes, enabling code execution. Affected: 1.5.0 up to

6.5CVSS5.8AI score0.00158EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2 days ago•3 views

CVE-2026-46718

5.8AI score0.00158EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2 days ago•3 views

CVE-2026-46718 Apache Calcite: A user-controled model can load arbitrary classes, leading to code execution

5.8AI score0.00158EPSS

Exploits0References1

CNNVD•added 3 days ago•2 views

WordPress plugin e2pdf has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

7.1CVSS5.7AI score0.00033EPSS

Exploits0References1

NVD•added last week•8 views

CVE-2026-46685

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFSCORSALLOWEDORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origin value back as Access-Control-Allow-Origin and also sets Access-Control-Allow-Credentials: true and...

6CVSS0.00015EPSS

Exploits0References1

ATTACKERKB•added last week•3 views

CVE-2026-46685

6CVSS5.8AI score0.00015EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/05/28 12:0 a.m.•5 views

Sensorweb ScadaBR 安全漏洞

Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation, designed for developing automated data acquisition and monitoring applications. Sensorweb ScadaBR has a security vulnerability, which stems from a reflection-type cross-site scripting issue in URL processing...

6.1CVSS5.6AI score0.00031EPSS

Exploits0References1

CNNVD•added 2026/05/28 12:0 a.m.•4 views

rustfs 安全漏洞

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-beta.2 contained a security vulnerability. This vulnerability arises when RUSTFSCORSALLOWEDORIGINS is not set; in such cases, ConditionalCorsLayer reflects the Origin value and sets a relaxed...

6CVSS5.8AI score0.00015EPSS

Exploits0References1

CNNVD•added 2026/05/27 12:0 a.m.•4 views

WordPress plugin Gutenverse 跨站脚本漏洞

6.1CVSS5.7AI score0.00089EPSS

Exploits0References3

CNNVD•added 2026/05/27 12:0 a.m.•5 views

WordPress plugin Felan Framework 跨站脚本漏洞

7.1CVSS5.7AI score0.00036EPSS

Exploits0References1

Rows per page