CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Circl•added 2026/05/14 7:52 a.m.•6 views

CVE-2025-14869

creationtimestamp| type| source ---|---|--- 2026-05-14 07:52:53+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-su-gitlab-ce/ee-14 2026-05-14 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260515...

7.5CVSS5.8AI score0.00035EPSS

Exploits0References2

Circl•added 2026/05/14 6:51 a.m.•7 views

CVE-2026-0240

creationtimestamp| type| source ---|---|--- 2026-05-14 06:51:24+00:00| seen| https://www.acn.gov.it/portale/w/vulnerabilita-in-prodotti-palo-alto-networks-1...

7.4CVSS5.8AI score0.00008EPSS

OSV•added 2026/05/14 12:21 a.m.•4 views

OSV-2026-736 Heap-buffer-overflow in coap_pdu_parse_header

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=512517700 Crash type: Heap-buffer-overflow READ 1 Crash state: coappduparseheader coappduparse2 coappduparse...

OSV•added 2026/05/14 12:2 a.m.•1 views

OSV-2026-726 Use-after-poison in md_build_attribute

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=512429151 Crash type: Use-after-poison READ 1 Crash state: mdbuildattribute mdprocessallblocks mdparse...

VulnCheck KEV•added 2026/05/14 12:0 a.m.•19 views

VulnCheck KEV: CVE-2026-28517

openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in reportnetworkmap.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec without validation or sanitization. If an attacker can modify the...

9.8CVSS5.9AI score0.31367EPSS

In wildExploits2References3

Snyk•added 2026/05/13 9:0 p.m.•3 views

Malicious Package

Overview @kindo/selfbot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

Exploits0References2

RedhatCVE•added 2026/05/13 8:23 p.m.•3 views

CVE-2026-8225

A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcfnpcfsmpolicycontrolhandledelete of the file src/pcf/sm-sm.c of the component delete Endpoint. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available an...

7.5CVSS5.7AI score0.00082EPSS

Exploits1References1

RedhatCVE•added 2026/05/13 2:21 p.m.•6 views

CVE-2026-28873

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. An app may be able to circumvent App Privacy Report logging...

7.5CVSS5.8AI score0.00038EPSS

Microsoft CVE•added 2026/05/13 8:1 a.m.•5 views

jq: Signed-int overflow in `stack_reallocate` (jq VM stack)

...

7.3CVSS5.8AI score0.00013EPSS

Exploits1

Grafana•added 2026/05/13 12:0 a.m.•7 views

BAC in Snapshot API allows deletion of unauthorized dashboard snapshots

Any Editor could delete any snapshot, even if they have no access to read or write them...

6.5CVSS5.8AI score0.00013EPSS

CNNVD•added 2026/05/13 12:0 a.m.•5 views

Linbit csync2 安全漏洞

Linbit csync2 is a cluster synchronization tool developed by the Austrian company Linbit. It is primarily used to keep files synchronized across multiple hosts within a cluster. Linbit csync2 has a security vulnerability that stems from the use of insecure temporary directories during compilation...

5.1CVSS5.8AI score0.00012EPSS

Grafana•added 2026/05/13 12:0 a.m.•4 views

Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...

7.1CVSS5.8AI score0.00013EPSS

Vulnrichment•added 2026/05/12 10:46 p.m.•3 views

CVE-2026-44245 Kyverno: [policy-reporter-ui] XSS via Stored Property Values in PropertyCard Component

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 2.5.2, Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentionally disables the auto-escaping that interpolation provides. The PropertyCard.vue component uses...

6.1CVSS5.9AI score0.00031EPSS

Exploits1References1

GithubExploit•added 2026/05/12 4:27 p.m.•57 views

wafuzz

wafuzz — Web Pentesting Orchestrator Interactive CLI web secu...

6AI score

Circl•added 2026/05/12 3:52 p.m.•4 views

CVE-2026-40377

creationtimestamp| type| source ---|---|--- 2026-05-12 15:52:42+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0141 2026-05-12 16:38:43+00:00| seen| https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review 2026-05-13 01:08:48+00:00| seen|...

7.8CVSS5.7AI score0.00049EPSS

Exploits0References3

Circl•added 2026/05/12 2:44 p.m.•4 views

CVE-2026-45185

creationtimestamp| type| source ---|---|--- 2026-05-12 14:44:00+00:00| seen| https://thehackernews.com/2026/05/new-exim-bdat-vulnerability-exposes.html 2026-05-12 18:00:04+00:00| seen| https://t.me/GithubRedTeam/83976 2026-05-12 23:00:14+00:00| seen|...

9.8CVSS6AI score0.00082EPSS

Exploits2References36

NVD•added 2026/05/12 2:16 p.m.•6 views

CVE-2025-12659

Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process...

7.8CVSS0.00014EPSS

Exploits0References3

Wolfi•added 2026/05/12 7:48 a.m.•9 views

GHSA-H8J7-WC37-PR97 vulnerabilities

Vulnerabilities for packages: chromium...

OSV•added 2026/05/12 12:14 a.m.•5 views

OSV-2026-718 Heap-buffer-overflow in md_parse

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=511825301 Crash type: Heap-buffer-overflow READ 1 Crash state: mdparse mdhtml fuzz-mdhtml.c...