CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

256 matches found

CVE-2026-49233

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...

8.3CVSS

Exploits0References1

EUVD•added yesterday•5 views

EUVD-2026-35063

8.3CVSS5.4AI score

Exploits0References1

RedhatCVE•added 4 days ago•6 views

CVE-2026-7303

A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improp...

6.3CVSS4.5AI score0.00074EPSS

Exploits0References1

RedhatCVE•added 6 days ago•8 views

CVE-2025-22426

In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00044EPSS

Exploits0References1

EUVD•added last week•8 views

EUVD-2026-34024

A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifier...

5.3CVSS5.3AI score0.00038EPSS

Exploits0References6

CVE•added last week•12 views

CVE-2026-10624

The vulnerability affects SourceCodester Human Resource Management 1.0, in the Employee View Page’s detailview.php. Manipulating the employeeid parameter leads to improper control of resource identifiers (an IDOR-style issue). Exploitation can be performed remotely, and public disclosure of the e...

5.3CVSS5.3AI score0.00038EPSS

Exploits0References6

Vulnrichment•added last week•6 views

CVE-2026-10624 SourceCodester Human Resource Management Employee View detailview.php resource injection

5.3CVSS5.3AI score0.00038EPSS

Exploits0References6

EUVD•added 2026/06/02 12:31 a.m.•8 views

EUVD-2026-33832

A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument delid causes improper control of resource identifiers. The attack can be initiated remotely. The...

5.1CVSS5.6AI score0.00067EPSS

Exploits0References7

NVD•added 2026/06/01 11:16 p.m.•6 views

CVE-2026-10299

5.1CVSS0.00067EPSS

Exploits0References6

RedhatCVE•added 2026/06/01 4:3 p.m.•10 views

CVE-2026-10168

A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected is the function marks of the file application/controllers/Parents.php. The manipulation of the argument param1 leads to improper control...

6.5CVSS5.5AI score0.00046EPSS

Exploits0References1

Positive Technologies•added 2026/06/01 12:0 a.m.•7 views

PT-2026-45662

5.1CVSS5.6AI score0.00067EPSS

Exploits0References7

NVD•added 2026/05/31 5:16 a.m.•8 views

CVE-2026-10168

6.5CVSS0.00046EPSS

Exploits0References4

ATTACKERKB•added 2026/05/31 4:0 a.m.•10 views

CVE-2026-10168

6.5CVSS6.3AI score0.00046EPSS

Exploits0References4

EUVD•added 2026/05/31 4:0 a.m.•10 views

EUVD-2026-33488

6.5CVSS5.5AI score0.00046EPSS

Exploits0References4

Positive Technologies•added 2026/05/31 12:0 a.m.•7 views

PT-2026-45171

6.5CVSS6.3AI score0.00046EPSS

Exploits0References5

CVE•added 2026/05/28 7:12 p.m.•10 views

CVE-2026-49130

MPD (Music Player Daemon) prior to version 0.24.11 is affected by a CRLF injection vulnerability in the XSPF playlist plugin’s xspf_char_data function. By supplying a malicious XSPF playlist that exploits XML numeric character references, an attacker can cause Expat decoding to insert literal CR/...

6.9CVSS5.8AI score0.00064EPSS

Exploits0References7

OSV•added 2026/05/26 10:16 p.m.•2 views

ALPINE-CVE-2026-42012

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

7.1CVSS5.8AI score0.00044EPSS

Exploits0References1

EUVD•added 2026/05/25 7:30 a.m.•11 views

EUVD-2026-31647

A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed from...

5.5CVSS5.7AI score0.00049EPSS

Exploits0References5