CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/04/15 12:0 a.m.•6 views

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. An out-of-bounds read vulnerability exists in the Google Chrome Skia component, which can be exploited by attackers to obtain sensitive information...

6.5CVSS5.8AI score0.00234EPSS

Cvelist•added 2026/04/15 12:0 a.m.•14 views

CVE-2026-30994

Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials...

0.00254EPSS

Cvelist•added 2026/04/15 12:0 a.m.•19 views

CVE-2026-30615

A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic...

0.0026EPSS

Positive Technologies•added 2026/04/15 12:0 a.m.•4 views

PT-2026-33058

Name of the Vulnerable Software and Affected Versions Airflow versions prior to 3.1.8 Description The secrets masker failed to mark the access key and connection string connection properties as sensitive. This allows users with read permissions to view these values in the Connection UI...

6.5CVSS5.8AI score0.00552EPSS

Exploits0References11

Positive Technologies•added 2026/04/15 12:0 a.m.•7 views

PT-2026-33100

CVE-2026-30994 Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active sessi… https://t.co/gJYAMbDBW2...

7.5CVSS5.8AI score0.00254EPSS

Exploits0References4

Vulnrichment•added 2026/04/15 12:0 a.m.•4 views

CVE-2026-30994

Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials...

5.8AI score0.00254EPSS

Snyk•added 2026/04/14 10:49 p.m.•2 views

Active Debug Code

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Active Debug Code via the git.json.php script, which executes a shell command and returns sensitive information as JSON to any unauthenticated user. An attacker ca...

6.9CVSS5.8AI score

Snyk•added 2026/04/14 8:0 p.m.•3 views

Information Exposure

Overview github.com/free5gc/udr/internal/sbi is a None Affected versions of this package are vulnerable to Information Exposure. in the HandleApplicationDataInfluenceDataSubsToNotifyGet process. An attacker can access sensitive subscriber identifiers by sending unauthenticated HTTP GET requests t...

8.7CVSS5.8AI score0.00506EPSS

Exploits1References3

RedhatCVE•added 2026/04/14 7:23 p.m.•5 views

CVE-2026-39570

Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through = 3.19.9...

RedhatCVE•added 2026/04/14 7:23 p.m.•4 views

CVE-2026-39542

Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Doofinder for WooCommerce: from n/a through = 2.10.13...

RedhatCVE•added 2026/04/14 7:23 p.m.•6 views

CVE-2026-39572

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Retrieve Embedded Sensitive Data.This issue affects Bus Ticket Booking with Seat Reservation: from n/...

4.3CVSS5.8AI score0.00189EPSS

RedhatCVE•added 2026/04/14 7:23 p.m.•4 views

CVE-2026-39516

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through = 4.7.0...

RedhatCVE•added 2026/04/14 7:23 p.m.•6 views

CVE-2026-39564

Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Retrieve Embedded Sensitive Data.This issue affects Sunshine Photo Cart: from n/a through 3.6.2...

RedhatCVE•added 2026/04/14 7:23 p.m.•5 views

CVE-2026-39469

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softaculous PageLayer pagelayer allows Retrieve Embedded Sensitive Data.This issue affects PageLayer: from n/a through = 2.0.8...

4.3CVSS5.8AI score0.00179EPSS

RedhatCVE•added 2026/04/14 7:23 p.m.•2 views

CVE-2026-39566

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data.This issue affects DirectoryPress: from n/a through = 3.6.26...

4.3CVSS5.8AI score0.00189EPSS

EUVD•added 2026/04/14 6:30 p.m.•6 views

EUVD-2026-22649

Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network...

4.3CVSS5.8AI score0.03447EPSS

Exploits5References2

EUVD•added 2026/04/14 6:30 p.m.•4 views

EUVD-2026-22597

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally...

5.5CVSS5.6AI score0.00421EPSS

EUVD•added 2026/04/14 6:30 p.m.•4 views

EUVD-2026-22603

Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally...

5.5CVSS5.6AI score0.00436EPSS