CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/05/24 12:0 a.m.•18 views

PT-2026-42972

Name of the Vulnerable Software and Affected Versions Edimax BR-6675nD version 1.12 Description A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists within the formWanTcpipSetup function located in the '/goform/formWanTcpipSetup' endpoint when the...

9CVSS7.5AI score0.00445EPSS

Positive Technologies•added 2026/05/24 12:0 a.m.•13 views

PT-2026-42931

A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...

6.3CVSS5.1AI score0.00202EPSS

Exploits0References6

Positive Technologies•added 2026/05/24 12:0 a.m.•17 views

PT-2026-42934

A vulnerability has been found in JeecgBoot 3.9.1. This issue affects some unknown processing of the file /openapi/call/ of the component OpenAPI Endpoint. Such manipulation leads to improper authentication. The attack can be executed remotely. A high complexity level is associated with this...

6.3CVSS5.1AI score0.00357EPSS

Exploits0References3

Positive Technologies•added 2026/05/24 12:0 a.m.•14 views

PT-2026-42936

A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. The attack may be...

6.5CVSS6.2AI score0.00252EPSS

Positive Technologies•added 2026/05/24 12:0 a.m.•13 views

PT-2026-42940

A security vulnerability has been detected in Edimax BR-6675nD 1.12. Affected is the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to buffer overflow. The attack can be launched remotely. The...

9CVSS7.8AI score0.00445EPSS

Positive Technologies•added 2026/05/24 12:0 a.m.•18 views

PT-2026-42944

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

7.5CVSS6.8AI score0.00254EPSS

Positive Technologies•added 2026/05/24 12:0 a.m.•17 views

PT-2026-42906

A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check all command guards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is public...

7.5CVSS6.8AI score0.00278EPSS

NVD•added 2026/05/23 11:16 p.m.•13 views

CVE-2026-9342

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/viewhistory.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has be...

6.5CVSS0.00192EPSS

ATTACKERKB•added 2026/05/23 10:15 p.m.•12 views

CVE-2026-9342

Exploits0References5Affected Software1

CVE•added 2026/05/23 10:15 p.m.•37 views

CVE-2026-9342

SourceCodester Hospitals Patient Records Management System 1.0 has a remote SQL injection in the file /admin/patients/view_history.php via manipulation of the ID argument. The flaw arises from unsanitized input, enabling a potential attacker to execute arbitrary SQL. Reported impacts include data...

EUVD•added 2026/05/23 10:15 p.m.•13 views

EUVD-2026-31554

Vulnrichment•added 2026/05/23 10:15 p.m.•7 views

CVE-2026-9342 SourceCodester Hospitals Patient Records Management System view_history.php sql injection

NVD•added 2026/05/23 4:19 p.m.•15 views

CVE-2026-9306

A security vulnerability has been detected in QuantumNous new-api up to 0.12.1. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjourney Image Relay Endpoint. Such manipulation leads to authorization bypass. The attack can be...

6.3CVSS0.00291EPSS

NVD•added 2026/05/23 3:16 p.m.•14 views

CVE-2026-9305

A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been...

6.5CVSS0.00192EPSS

EUVD•added 2026/05/23 3:0 p.m.•13 views

EUVD-2026-31542

6.3CVSS5.2AI score0.00291EPSS

Vulnrichment•added 2026/05/23 3:0 p.m.•9 views

CVE-2026-9306 QuantumNous new-api Midjourney Image Relay Endpoint relay-router.go GetByOnlyMJId authorization

6.3CVSS5.2AI score0.00291EPSS

CVE•added 2026/05/23 3:0 p.m.•74 views

CVE-2026-9306

CVE-2026-9306 affects QuantumNous new-api up to 0.12.1, specifically the Midjourney Image Relay Endpoint’s RelayMidjourneyImage/GetByOnlyMJId in router/relay-router.go. The issue enables authorization bypass through manipulation of the endpoint. It is reported as exploitable remotely with high co...

6.3CVSS5.2AI score0.00291EPSS

EUVD•added 2026/05/23 2:30 p.m.•12 views

EUVD-2026-31541

6.5CVSS6.4AI score0.00192EPSS

CVE•added 2026/05/23 2:30 p.m.•51 views

CVE-2026-9305

CVE-2026-9305 affects QuantumNous new-api self Endpoint up to version 0.12.1. The vulnerable element is the functions SearchUserTopUps and SearchAllTopUps in file model/topup.go, enabling a SQL injection via remote exposure. Public exploit availability is claimed. No remediation details are provi...

6.5CVSS6.4AI score0.00192EPSS