
512 matches found

Positive Technologies
added 6 days ago, 3 views

PT-2026-44425

Name of the Vulnerable Software and Affected Versions: Casdoor versions prior to 2.363.0. Description: Casdoor fails to enforce SAML assertion time bounds. The gosaml2 library calculates time-validation results, such as NotOnOrAfter and NotBefore, and reports them in the assertionInfo.WarningInfo...

AI score: 5.8, EPSS: 0.00017
Exploits: 0, References: 3
Positive Technologies
added 2026/05/27 12:0 a.m., 11 views

PT-2026-43620

Threat Intel, May 26, 2026: Vulnerability Intelligence Briefing. Curated from daily vulnerability intelligence monitoring and exploitation telemetry analysis by cvelogic. 1. Known Exploited Vulnerabilities (CISA KEV): CVE-2026-48172, LiteSpeed cPanel Plugin. Added to the CISA KEV catalog following...

CVSS: 10, AI score: 6.5, EPSS: 0.90762
Exploits: 82, References: 1
EUVD
added 2026/05/26 3:4 p.m., 5 views

EUVD-2026-31851

e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how sessionhandler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00016
Exploits: 0, References: 1
Debian CVE
added 2026/05/25 8:19 p.m., 8 views

CVE-2026-43827

Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected versions, when a session already...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00067
Exploits: 0
CVE
added 2026/05/22 1:12 p.m., 9 views

CVE-2026-8670

The CVE-2026-8670 entry concerns Avantra (Syslink software AG) on Linux and Windows, with an issue described as “Insufficient session expiration,” allowing reuse of session IDs (session replay). Affected release: Avantra before 25.3.1. The CVSSv3.1 vector indicates a Critical impact (HIGH confide...

CVSS: 9.6, AI score: 5.8, EPSS: 0.00041
Exploits: 0, References: 1, Affected Software: 1
ATTACKERKB
added 2026/05/21 7:34 a.m., 4 views

CVE-2026-44064

An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00018
Exploits: 0, References: 2, Affected Software: 1
EUVD
added 2026/05/19 6:43 p.m., 4 views

EUVD-2026-30973

LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...

CVSS: 8.2, AI score: 5.8, EPSS: 0.00066
Exploits: 0, References: 3
Snyk
added 2026/05/11 2:2 p.m., 5 views

Insufficient Session Expiration

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Insufficient Session Expiration via misconfiguration of the CORSMiddleware module and improper session management. An attacker can gain unauthorized access and execute arbitrary code by enticing an...

CVSS: 8.9, AI score: 6.2
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: Check ctr->cnr to avoid array index out of bounds. The cmtp_add_connection() function adds a CMTS session to a controller and runs a kernel thread to process CMTS operations. __module_get(THIS_MODULE); session->task =...

CVSS: 7.8, AI score: 6.1, EPSS: 0.00018
Exploits: 0, References: 2
OSV
added 2026/04/24 12:31 a.m., 1 views

GHSA-PR66-WHQJ-RQ5P Duplicate Advisory: OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6336-qqw9-v6x6. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group...

CVSS: 5.4, AI score: 5.7, EPSS: 0.00018
Exploits: 0, References: 5
EUVD
added 2026/04/24 12:31 a.m., 1 views

EUVD-2026-25325

OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...

CVSS: 5.4, AI score: 5.7, EPSS: 0.00018
Exploits: 0, References: 4
NVD
added 2026/04/23 10:16 p.m., 1 views

CVE-2026-41341

OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...

CVSS: 5.4, EPSS: 0.00018
Exploits: 0, References: 3
ATTACKERKB
added 2026/04/23 9:58 p.m., 1 views

CVE-2026-41341

OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...

CVSS: 5.4, AI score: 5.7, EPSS: 0.00018
Exploits: 0, References: 4
Cvelist
added 2026/04/23 9:58 p.m., 29 views

CVE-2026-41341 OpenClaw < 2026.3.31 - Component Interaction Misclassification in Discord Extension

OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...

CVSS: 5.4, EPSS: 0.00018
Exploits: 0, References: 3
Vulnrichment
added 2026/04/23 9:58 p.m., 1 views

CVE-2026-41341 OpenClaw < 2026.3.31 - Component Interaction Misclassification in Discord Extension

OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...

CVSS: 5.4, AI score: 5.2, EPSS: 0.00018
Exploits: 0, References: 3
Positive Technologies
added 2026/04/23 12:0 a.m., 2 views

PT-2026-34772

OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...

CVSS: 5.4, AI score: 5.7, EPSS: 0.00018
Exploits: 0, References: 5
RedhatCVE
added 2026/04/20 7:23 p.m., 1 views

CVE-2026-6564

A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and could be used. The...

CVSS: 5.3, AI score: 5.3, EPSS: 0.00014
Exploits: 0, References: 1
EUVD
added 2026/04/19 12:31 p.m., 1 views

EUVD-2026-23692

A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and could be used. The...

CVSS: 5.3, AI score: 5.3, EPSS: 0.00014
Exploits: 0, References: 5
NVD
added 2026/04/19 10:16 a.m., 1 views

CVE-2026-6564

A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and could be used. The...

CVSS: 5.3, EPSS: 0.00014
Exploits: 0, References: 4
CVE
added 2026/04/19 9:30 a.m., 5 views

CVE-2026-6564

EMQ EMQX Enterprise up to 6.1.0 contains a vulnerability in an unknown function of the Session Handling component that leads to improper authorization. The issue can be exploited remotely and an exploit is publicly available. Affected product: EMQX Enterprise (

CVSS: 5.3, AI score: 5.3, EPSS: 0.00014
Exploits: 0, References: 4