CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/26 5:45 p.m.•13 views

EUVD-2026-31945

A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isomintern.c of the component MP4Box. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been released to the publ...

4.8CVSS5.2AI score0.00115EPSS

Vulnrichment•added 2026/05/26 5:0 p.m.•8 views

CVE-2026-9566 teableio teable Sign-up LoginPage.tsx cross site scripting

A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried...

5.3CVSS4.1AI score0.00282EPSS

Cvelist•added 2026/05/26 2:8 p.m.•39 views

CVE-2026-42785 OpenKM 6.3.12 Remote Code Execution via Administrative Scripting

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system command...

8.6CVSS0.00679EPSS

GithubExploit•added 2026/05/26 1:6 p.m.•7 views

cve-database

Vulnerability Report: Format String Vulnerability in D-Link DC...

6.2AI score

Exploits0

RedHat Linux•added 2026/05/26 9:30 a.m.•16 views

mysql: JSON unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: JSON. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access v...

6.5CVSS7.2AI score0.00303EPSS

Exploits0References6

IBM Security Bulletins•added 2026/05/26 7:27 a.m.•12 views

Security Bulletin: Vulnerability in IBM WebSphere Application ( CVE-2025-14923) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-14923 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could...

9.8CVSS5.8AI score0.0016EPSS

Exploits0Affected Software1

RedHat Linux•added 2026/05/26 5:39 a.m.•9 views

rsync: Rsync: Out of bounds array access via negative index

An out of bounds read flaw has been discovered in rsync. A malicious client acting as the receiver of an rsync file transfer can trigger an OOB read via a negative array index. The rsync client requires at least read access to the remote rsync module to trigger the issue...

4.3CVSS5.7AI score0.00283EPSS

Exploits0References6

NVD•added 2026/05/26 5:16 a.m.•9 views

CVE-2026-9530

A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read2004compressedsection of the file src/decode.c of the component Dwgbmp Utility. Executing a manipulation can lead to out-of-bounds read. The attack requires local access. The exploit has been made...

4.8CVSS0.00143EPSS

EUVD•added 2026/05/26 4:15 a.m.•10 views

EUVD-2026-31788

A security flaw has been discovered in GNU LibreDWG up to 0.14. The affected element is the function matchBLOCKHEADER of the file dwggrep.c of the component Dwggrep Utility. Performing a manipulation results in null pointer dereference. The attack requires a local approach. The exploit has been...

4.8CVSS5.4AI score0.00143EPSS

Exploits0References6

RedHat Linux•added 2026/05/26 3:53 a.m.•20 views

Important: Red Hat Security Advisory: Red Hat build of Cryostat 4.2.0: new RHEL 9 container image security update

New Red Hat build of Cryostat 4.2.0 on RHEL 9 container images are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7.3AI score0.01026EPSS

Exploits3References17

EUVD•added 2026/05/26 1:6 a.m.•9 views

EUVD-2025-209927

The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting XSS if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...

ATTACKERKB•added 2026/05/26 1:6 a.m.•6 views

CVE-2025-71310

Vulnrichment•added 2026/05/26 1:6 a.m.•5 views

Exploits0References2

CVE-2025-71310

CVE•added 2026/05/26 1:6 a.m.•18 views

CVE-2025-71310

The CVE 2025-71310 affects the GDPR cookies module for Backdrop CMS (before 1.x-1.3.5). The vulnerability is an XSS risk triggered when a malicious value is supplied in the optional YouTube service’s Info content field, under the condition that an attacker has either the "Create a GDPR Cookies Se...