CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1371499 matches found

EUVD-2026-34981

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument devname results in command injection. It is possible to initiate the attack...

7.5CVSS5.4AI score

Exploits0References5

Fedora•added 3 hours ago•5 views

[SECURITY] Fedora 43 Update: libssh2-1.11.1-6.fc43

libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS22, SECSH-USERAUTH25, SECSH-CONNECTION23, SECSH-ARCH20, SECSH-FILEXFER06, SECSH-DHGEX04, and SECSH-NUMBERS10...

7.5CVSS7.1AI score0.00075EPSS

Exploits0

RedhatCVE•added 4 hours ago•4 views

CVE-2026-9719

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the changestatus function. This makes it possible for...

4.3CVSS5.5AI score0.00014EPSS

Exploits0References1

RedhatCVE•added 4 hours ago•6 views

CVE-2026-46493

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use uniqid for generating salts, which is unsuitable. Version 26.0.1 fixes the issue...

7.5CVSS5.5AI score0.00029EPSS

Exploits0References1

Circl•added yesterday•3 views

GHSA-45VW-WH46-2VX8

creationtimestamp| type| source ---|---|--- 2026-06-06 23:55:29+00:00| seen| https://gist.github.com/vladko312/39507beaa58eacf3b62e6a6e6cd69128...

5.3AI score

Exploits0References1

Circl•added yesterday•3 views

GHSA-7P85-W9PX-JPJP

creationtimestamp| type| source ---|---|--- 2026-06-06 23:55:29+00:00| seen| https://gist.github.com/vladko312/39507beaa58eacf3b62e6a6e6cd69128...

5.3AI score

Exploits0References1

Circl•added yesterday•3 views

GHSA-79RJ-F7GJ-XF33

creationtimestamp| type| source ---|---|--- 2026-06-06 22:10:54+00:00| seen| https://gist.github.com/that1guycolin/b28d5802399c42591791c416e71c66dc...

5.3AI score

Exploits0References1

OSV•added yesterday•2 views

MINI-4R32-RQMM-PMQ9

Bulletin has no description...

5.1CVSS5.2AI score0.00006EPSS

Exploits0

ATTACKERKB•added yesterday•5 views

CVE-2026-36229

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

5.4AI score

Exploits0References1

Circl•added yesterday•3 views

CVE-2026-11438

creationtimestamp| type| source ---|---|--- 2026-06-06 20:55:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnnk2cufpv2l...

6.5CVSS6.5AI score

Exploits0References1

OSV•added yesterday•2 views

ROOT-APP-MAVEN-CVE-2025-67030 CVE-2025-67030 in io.root.org.codehaus.plexus:plexus-utils - Patched by Root

Root has patched CVE-2025-67030 in the io.root.org.codehaus.plexus:plexus-utils package for Root:Maven. Multiple fixed versions available...

8.8CVSS5.8AI score0.00427EPSS

Exploits0

RedhatCVE•added yesterday•6 views

CVE-2026-11330

A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObservationContentHash of the file src/services/sqlite/observations/store.ts of the component Observation Content Hash Handler. This manipulation causes use of weak hash. The attack c...

3.6CVSS4.7AI score0.00009EPSS

Exploits0References1

RedhatCVE•added yesterday•6 views

CVE-2026-45570

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A repository path containin...

9.6CVSS5.5AI score0.00016EPSS

Exploits0References1

RedhatCVE•added yesterday•8 views

CVE-2026-5415

The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajaxruntool AJAX handler relying solely on a nonce check...

8.8CVSS5.7AI score0.00069EPSS

Exploits0References1

RedhatCVE•added yesterday•6 views

CVE-2026-45745

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop Electron disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured...

8CVSS5.5AI score0.00017EPSS

Exploits0References1

RedhatCVE•added yesterday•5 views

CVE-2026-44838

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...

8.1CVSS5.5AI score0.00033EPSS

Exploits0References1