CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 5 days ago•7 views

CVE-2026-47216

Typesense has an unauthenticated denial-of-service vulnerability in the /multi_search endpoint, affecting versions prior to 29.1 and 30.2. A crafted request can trigger an unhandled exception during request processing, terminating the server process and causing service unavailability. The issue i...

EUVD•added 5 days ago•5 views

EUVD-2026-36512

Vulnrichment•added 5 days ago•7 views

CVE-2026-47216 Typesense: Unauthenticated Denial of Service in the Typesense /multi_search Endpoint

Positive Technologies•added 5 days ago•8 views

PT-2026-48943

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multi search endpoint. A specially crafted request can trigger an unhandled exception during request processing, causing the server process to...

NVD•added 2026/06/09 5:17 p.m.•8 views

Exploits0References2

CVE-2026-49956

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...

7.1CVSS0.00272EPSS

Exploits0References5

Positive Technologies•added 2026/06/09 12:0 a.m.•6 views

PT-2026-47854

7.1CVSS5.5AI score0.00272EPSS

Exploits0References5

RedhatCVE•added 2026/06/05 7:31 p.m.•7 views

CVE-2026-33146

Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint POST /api/search/share-search for publicly shared content. This...

4.3CVSS5.4AI score0.00213EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:15 p.m.•5 views

CVE-2026-46372

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern exposes /api/search/searxng, which accepts attacker-controlled baseUrl and uses it...

8.5CVSS5.5AI score0.00866EPSS

OSV•added 2026/06/04 7:27 p.m.•7 views

GHSA-8V9P-G828-V98F Shopware: Admin Account Takeover via User Recovery Hash Exposure

Summary A low-privilege admin user with userrecovery:read ACL can take over any admin account. The attacker triggers password recovery for the victim unauthenticated endpoint, reads the recovery hash from the Admin API search endpoint, then uses the hash to reset the victim's password another...

6.8CVSS5.8AI score0.00034EPSS

Exploits0References4

NVD•added 2026/05/29 7:16 p.m.•10 views

CVE-2026-46372

8.5CVSS0.00866EPSS

NVD•added 2026/05/25 3:16 p.m.•9 views

CVE-2018-25364

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

8.8CVSS0.00337EPSS

Exploits0References3

ATTACKERKB•added 2026/05/25 2:15 p.m.•6 views

CVE-2018-25364

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/25 2:15 p.m.•4 views

CVE-2018-25364 Twitter-Clone 1 SQL Injection via search.php

EUVD•added 2026/05/25 2:15 p.m.•7 views

Exploits0References3

EUVD-2018-21886

Positive Technologies•added 2026/05/25 12:0 a.m.•7 views

Exploits0References3

PT-2026-43217