CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/26 2:45 a.m.•5 views

EUVD-2026-31783

A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to sql injection. The attack can be launched remotely. The vendor was contacted early...

6.5CVSS6.4AI score0.00029EPSS

CVE•added 2026/05/24 7:15 a.m.•11 views

CVE-2026-9363

CVE-2026-9363 affects Edimax EW-7438RPn firmware 1.12. The vulnerability resides in the POST Request Handler function formEZCHNwlanSetup (file /goform/formEZCHNwlanSetu), where argument manipulation enables remote command injection. Remote exploitation is possible; an exploit is public. The vendo...

6.5CVSS6.4AI score0.01409EPSS

Cvelist•added 2026/05/23 10:0 a.m.•7 views

CVE-2026-9296 Edimax BR-6428NS POST Request formWlanM system command injection

A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument...

6.5CVSS0.01409EPSS

EUVD•added 2026/05/13 6:30 p.m.•2 views

EUVD-2026-29999

When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM process to terminate. Note: Software versions which have reached End of Technical Support EoTS are...

NVD•added 2026/05/13 4:16 p.m.•8 views

Exploits0References2

CVE-2026-42409

8.7CVSS0.00115EPSS

Vulnrichment•added 2026/05/13 2:12 p.m.•3 views

CVE-2026-42409 BIG-IP HTTP/2 vulnerability

Cvelist•added 2026/05/13 2:12 p.m.•24 views

CVE-2026-42409 BIG-IP HTTP/2 vulnerability

8.7CVSS0.00115EPSS

CVE•added 2026/05/13 2:12 p.m.•10 views

CVE-2026-42409

CVE-2026-42409 affects BIG-IP: when an HTTP/2 profile is used with an iRule containing HTTP::redirect or HTTP::respond on a virtual server, undisclosed requests can crash the Traffic Management Microkernel (TMM), causing DoS. Evidence in connected docs shows affected products: BIG-IP (all modules...

ATTACKERKB•added 2026/05/13 2:12 p.m.•4 views

CVE-2026-42409

Exploits0References2Affected Software4

F5 Networks•added 2026/05/13 12:52 p.m.•6 views

K000159034: BIG-IP HTTP/2 vulnerability CVE-2026-42409

Security Advisory Description When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM process to terminate. CVE-2026-42409 Impact Traffic is disrupted while...

8.7CVSS5.7AI score0.00115EPSS

Exploits0Affected Software30

Positive Technologies•added 2026/05/13 12:0 a.m.•7 views

PT-2026-40671

Name of the Vulnerable Software and Affected Versions F5 BIG-IP affected versions not specified BIG-IP Next SPK affected versions not specified BIG-IP Next CNF affected versions not specified BIG-IP Next for Kubernetes affected versions not specified Description Undisclosed requests can cause the...

ATTACKERKB•added 2026/04/23 12:0 a.m.•2 views

Exploits0References3

CVE-2026-6878

A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function mathequal of the file primemath/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...

6.3CVSS4.9AI score0.00056EPSS

Exploits0References4Affected Software1

EUVD•added 2026/04/06 6:30 a.m.•2 views

EUVD-2026-19164

A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results in server-side request forgery. The attack is possible to be carried out remotely. The complexity ...

6.3CVSS5.4AI score0.00017EPSS

Exploits0References5

CVE•added 2026/04/05 5:30 p.m.•4 views

CVE-2026-5585

Summary of CVE-2026-5585 : Tencent AI-Infra-Guard 4.0 contains a vulnerability in the Task Detail Endpoint, specifically an unknown function within the file common/websocket/task_manager.go. Manipulation of this element results in information disclosure. The attack may be initiated remotely and, ...

7.5CVSS5.6AI score0.00018EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2026/04/05 12:0 a.m.•1 views

PT-2026-30454

A vulnerability was identified in wbbeyourself MAC-SQL up to 31a9df5e0d520be4769be57a4b9022e5e34a14f4. This affects the function execute sql of the file core/agents.py of the component Refiner Agent. The manipulation leads to sql injection. Remote exploitation of the attack is possible. The explo...

6.5CVSS6.4AI score0.00034EPSS

Exploits0References5

NVD•added 2026/03/29 1:17 p.m.•1 views

CVE-2026-5044

A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. The attack can be...

9CVSS0.00108EPSS

Exploits1References4

Vulnrichment•added 2026/03/27 10:3 p.m.•0 views

CVE-2026-4992 wandb OpenUI HTMLAnnotator server.py get_share HTML injection

A flaw has been found in wandb OpenUI up to 1.0. This affects the function createshare/getshare of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...

5.3CVSS5.5AI score0.00012EPSS

NVD•added 2026/03/27 2:16 a.m.•2 views

CVE-2026-4907

A vulnerability was identified in Page-Replica Page Replica up to e4a7f52e75093ee318b4d5a9a9db6751050d2ad0. The impacted element is the function sitemap.fetch of the file /sitemap of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack is...

6.5CVSS0.00043EPSS