CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/06/15 12:45 a.m.•30 views

CVE-2026-12202 Intelliants Subrion CMS Blocks Endpoint cross site scripting

4.8CVSS0.00214EPSS

CVE•added 2026/06/15 12:45 a.m.•11 views

CVE-2026-12202

Intelliants Subrion CMS (up to 4.0.3) is affected via the Blocks Endpoint, where manipulating the CSS class name can trigger cross-site scripting. The issue is exploitable remotely and a public exploit exists. Vendor did not respond to disclosure. Based on linked CVSS data, the impact is limited ...

4.8CVSS3.3AI score0.00214EPSS

EUVD•added 2026/06/15 12:31 a.m.•8 views

EUVD-2026-36673

A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to...

8.6CVSS7AI score0.02385EPSS

NVD•added 2026/06/15 12:16 a.m.•11 views

CVE-2026-12198

A weakness has been identified in Microweber up to 2.0.20. This affects the function userfilespath of the file /apinosession/thumbnailimg of the component API Endpoint. Executing a manipulation of the argument cachepathrelative can lead to path traversal. It is possible to launch the attack...

7.5CVSS0.00525EPSS

Cvelist•added 2026/06/15 12:15 a.m.•32 views

CVE-2026-12200 Ritlabs TinyWeb Server Header libeay32.dll.html stack-based overflow

A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...

7.5CVSS0.00324EPSS

CVE•added 2026/06/15 12:15 a.m.•12 views

CVE-2026-12200

Ritlabs TinyWeb Server (Windows, up to v1.94) is affected by a stack-based buffer overflow in the Header Handler’s libeay32.dll.html component. The vulnerability is triggered by manipulating the Authorization argument, allowing remote exploitation. An exploit has been disclosed publicly, and the ...

7.5CVSS8AI score0.00324EPSS

Vulnrichment•added 2026/06/15 12:15 a.m.•6 views

CVE-2026-12200 Ritlabs TinyWeb Server Header libeay32.dll.html stack-based overflow

7.5CVSS7.9AI score0.00324EPSS

CVE•added 2026/06/15 12:0 a.m.•14 views

CVE-2026-12198

CVE-2026-12198 affects Microweber up to 2.0.20. The vulnerability is in the API Endpoint file /api_nosession/thumbnail_img, specifically the function userfiles_path, where manipulating the argument cache_path_relative can cause a path traversal. It is possible to launch the attack remotely, and p...

7.5CVSS7.1AI score0.00525EPSS

EUVD•added 2026/06/15 12:0 a.m.•9 views

EUVD-2026-36674

7.5CVSS7.2AI score0.00525EPSS

Cvelist•added 2026/06/15 12:0 a.m.•35 views

CVE-2026-12198 Microweber API Endpoint thumbnail_img userfiles_path path traversal

7.5CVSS0.00525EPSS

Positive Technologies•added 2026/06/15 12:0 a.m.•9 views

PT-2026-49167

A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file appmodulesmedicalportrestcontrollersPatientController.php of the component HTTP REST API. The manipulation of the argument ID results ...

5.3CVSS5.1AI score0.00226EPSS

Positive Technologies•added 2026/06/15 12:0 a.m.•8 views

PT-2026-49165

Name of the Vulnerable Software and Affected Versions ShopXO versions prior to 6.7.2 Description An authorization bypass exists in the Scheduled Task Endpoint within the app/api/controller/Crontab.php file. This issue allows a remote attacker to bypass authorization by manipulating the OrderClose...

7.5CVSS7.3AI score0.00292EPSS

Exploits0References9

Positive Technologies•added 2026/06/15 12:0 a.m.•8 views

PT-2026-49175

A vulnerability was found in hcengineering Huly Platform up to 0.7.0. Affected by this vulnerability is the function getAccountInfo of the file server/account/src/operations.ts of the component User Information Handler. The manipulation results in improper authorization. The attack may be launche...

5.3CVSS4.8AI score0.00203EPSS

Positive Technologies•added 2026/06/15 12:0 a.m.•9 views

PT-2026-49180

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. This manipulation of the argument Time causes command injection. The attack can be initiated remotely...

6.5CVSS5.2AI score0.01519EPSS

CVE•added 2026/06/14 11:45 p.m.•21 views

CVE-2026-12197

The CVE-2026-12197 affects Ruijie EG105G-P (firmware 2.340). The issue resides in the nslookup function of /cgi-bin/luci/api/diagnose (JSON-RPC Diagnose Endpoint), where manipulating the params.target argument leads to command injection. It enables remote initiation of an attack, with an exploit ...

8.6CVSS7AI score0.02385EPSS

Vulnrichment•added 2026/06/14 10:15 p.m.•7 views

CVE-2026-12188 Grit42 Grit GritEntityController grit_entity_controller.rb sql injection

A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules/core/backend/app/controllers/concerns/grit/core/gritentitycontroller.rb of the component GritEntityController. Performing a manipulation results in sql injection. The...

6.5CVSS6.3AI score0.00196EPSS

Cvelist•added 2026/06/14 10:15 p.m.•25 views

CVE-2026-12188 Grit42 Grit GritEntityController grit_entity_controller.rb sql injection

6.5CVSS0.00196EPSS

CVE•added 2026/06/14 10:15 p.m.•21 views

CVE-2026-12188

Affected software: Grit42 Grit (up to 0.11.0). Vulnerable component: grit_entity_controller.rb (modules/core/backend/app/controllers/concerns/grit/core/grit_entity_controller.rb) within GritEntityController. Issue: SQL injection triggered by manipulating a function in the controller; described as...

6.5CVSS6.4AI score0.00196EPSS