CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Node JS Blog•added 5 days ago•5 views

Wednesday, June 17, 2026 Security Releases

Wednesday, June 17, 2026 Security Releases Summary The Node.js project will release new versions of the 26.x, 24.x, 22.x releases lines on or shortly after, Wednesday, June 17, 2026 in order to address one or more security issues, the highest severity is HIGH. Impact The highest severity issue...

5.5AI score

Exploits0

NVD•added 6 days ago•8 views

CVE-2026-11504

9CVSS0.00088EPSS

Vulnrichment•added 6 days ago•3 views

CVE-2026-11504 Tenda CX12L Wi-Fi Schedule Configuration Endpoint openSchedWifi setSchedWifi stack-based overflow

CVE•added 6 days ago•10 views

CVE-2026-11504

The CVE-2026-11504 entry concerns Tenda CX12L firmware 16.03.53.12. The vulnerability exists in the Wi‑Fi Schedule Configuration Endpoint, specifically the setSchedWifi function in /goform/openSchedWifi. Crafting the schedStartTime or schedEndTime argument causes a stack‑based buffer overflow, en...

ATTACKERKB•added 6 days ago•3 views

CVE-2026-11504

Exploits0References6Affected Software1

EUVD•added 6 days ago•6 views

EUVD-2026-35039

Positive Technologies•added 6 days ago•7 views

PT-2026-47267

Name of the Vulnerable Software and Affected Versions Tenda CX12L version 16.03.53.12 Description A stack-based buffer overflow can be triggered remotely via the Wi-Fi Schedule Configuration Endpoint. The issue exists within the setSchedWifi function located in the /goform/openSchedWifi file. Thi...

9CVSS8.3AI score0.00088EPSS

Exploits0References9

RedhatCVE•added 2026/06/05 7:51 p.m.•5 views

CVE-2026-43680

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5...

7.2CVSS6AI score0.00186EPSS

RedhatCVE•added 2026/06/05 7:48 p.m.•7 views

CVE-2026-10529

A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/module/web/system/ScheduleJobController.java of the component Task Scheduling Management Module. Executing a manipulation can...

4.8CVSS3.5AI score0.00036EPSS

RedhatCVE•added 2026/06/05 7:46 p.m.•6 views

CVE-2026-6613

A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function deleteagent/stopschedule/getscheduledata of the file superagi/controllers/agent.py. The manipulation of the argument agentid leads to authorization bypass. The attack is possible to be carried out...

6.5CVSS6.2AI score0.00043EPSS

RedhatCVE•added 2026/06/05 7:40 p.m.•4 views

CVE-2025-40903

A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious restore schedule containing HTML tags. When a victim views the affected...

5.9CVSS5.5AI score0.00029EPSS

RedhatCVE•added 2026/06/05 7:11 p.m.•7 views

CVE-2026-8364

Gladinet Triofox Cloud Server Agent Access Service GladServerAgentService.exe listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache...

9.8CVSS5.5AI score0.00054EPSS

CVE•added 2026/06/05 10:15 a.m.•15 views

CVE-2026-21030

CVE-2026-21030 describes an improper access control issue in MediaTek Audio HAL prior to the SMR Jun-2026 Release 1, enabling local attackers to trigger privileged functions. The affected component is MediaTek Audio HAL; root cause is improper access control, with impact described as privileged a...

7.8CVSS5.5AI score0.00014EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/06/03 12:0 a.m.•7 views

PT-2026-46020

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when read current timer is called on ARM32 platforms where the SP804 is not registered as the sched clock. On SP804, the delay timer shares the same clkevt instance with sched clock. O...

5.8AI score0.00014EPSS

Exploits0References3

RedhatCVE•added 2026/06/02 10:2 p.m.•7 views

CVE-2026-45632

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, update, run, or delete schedules belonging to other organizations if they know the scheduleId/serverId...

9.9CVSS6AI score0.00049EPSS

EUVD•added 2026/06/02 12:15 a.m.•7 views

EUVD-2026-33855

4.8CVSS4.1AI score0.00036EPSS