CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

4.8CVSS3AI score0.00215EPSS

CVE-2026-7015

A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument ftext/fslug/flimit/femail leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed t...

4.8CVSS3.1AI score0.00291EPSS

CVE-2026-7012

A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument fall/fall404 results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to versi...

4.8CVSS2.9AI score0.00433EPSS

CVE-2026-7027

A vulnerability was identified in D-Link DSL-2740R EU01.15. Impacted is an unknown function of the component Wireless Setup Section. Such manipulation of the argument Wireless Network Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and...

RedhatCVE•added 2026/04/27 7:23 p.m.•2 views

CVE-2026-7018

A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the...

6.3CVSS5.2AI score0.00338EPSS

RedhatCVE•added 2026/04/27 7:23 p.m.•2 views

CVE-2026-6999

A flaw has been found in BIVOCOM TR321 21.1.1.50. Affected by this vulnerability is an unknown functionality of the component Wireless Setting. This manipulation of the argument Network Name SSID causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been...

4.8CVSS4.2AI score0.00265EPSS

8.8CVSS6.3AI score0.00365EPSS

CVE-2026-7023

A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/databaseimpl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be...

5.8CVSS4.8AI score0.00299EPSS

CVE-2026-6984

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...

RedhatCVE•added 2026/04/27 7:23 p.m.•2 views

CVE-2026-6978

A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialcharsdecode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sqls results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

5.8CVSS5AI score0.00253EPSS

RedhatCVE•added 2026/04/27 7:23 p.m.•6 views

CVE-2026-6977

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and ma...

7.5CVSS6.9AI score0.00278EPSS

RedhatCVE•added 2026/04/27 7:23 p.m.•5 views

CVE-2026-6979

A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and m...

6.5CVSS6.1AI score0.00252EPSS

RedhatCVE•added 2026/04/27 7:23 p.m.•5 views

CVE-2026-6982

A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...

6.5CVSS6.2AI score0.00241EPSS

RedhatCVE•added 2026/04/27 7:23 p.m.•4 views

CVE-2026-7033

A vulnerability has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Such manipulation of the argument menufacturer/Go leads to buffer overflow. The attack can be launched remotely. The exploit has been...

9CVSS8.6AI score0.00746EPSS

RedhatCVE•added 2026/04/27 7:23 p.m.•6 views

CVE-2026-7056

A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be...

9CVSS8.5AI score0.00622EPSS

RedhatCVE•added 2026/04/27 7:23 p.m.•5 views

CVE-2026-7031

A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used...

9CVSS8.6AI score0.00655EPSS

RedhatCVE•added 2026/04/27 7:23 p.m.•8 views

CVE-2026-6988

A flaw has been found in Tenda HG10 HG7HG9HG10re300001138enxpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The exploit h...

9CVSS8.4AI score0.00619EPSS