CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 12 hours ago•11 views

CVE-2026-13519

The CVE-2026-13519 entry describes a stack-based buffer overflow in Tenda JD12L (version 16.03.53.23) within the fromNatStaticSetting function of /goform/NatStaticSetting. The vulnerability is triggered by manipulation of an input argument (page), allowing remote execution without user interactio...

9CVSS8AI score

EUVD•added 12 hours ago•6 views

EUVD-2026-40016

9CVSS8AI score

Cvelist•added 12 hours ago•7 views

CVE-2026-13519 Tenda JD12L NatStaticSetting fromNatStaticSetting stack-based overflow

9CVSS

EUVD•added 2 days ago•9 views

EUVD-2026-39931

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menutitle' and 'menumagnifiercolor' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4CVSS5.9AI score0.00251EPSS

Exploits0References10

Debian CVE•added 5 days ago•5 views

CVE-2026-52944

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTLSETSPARSE FSCTLSETSPARSE in fsctlsetsparse modifies the file's sparse attribute and saves it through xattr without any permission checks. This exposes two...

5.7AI score0.00165EPSS

Exploits0

NVD•added 5 days ago•5 views

CVE-2026-10753

The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have been granted dashboard sharing access such as Editors to modify a site-wide Site Kit by Google WordPress plugin before 1.176.0...

2.7CVSS0.00168EPSS

Exploits0References1

EUVD•added 5 days ago•5 views

EUVD-2026-38695

2.7CVSS5.8AI score0.00168EPSS

Exploits0References1

ICS•added 6 days ago•11 views

Hubbell Aclara Metrum Cellular Web Interface

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow attackers to manipulate critical device settings and repeatedly disrupt operations, potentially causing a loss of communications to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...

8.7CVSS5.9AI score0.00726EPSS

Exploits0References11

AstraLinux•added 2026/06/19 11:10 a.m.•2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: The commit pointer of the HVS FIFO is cleared once the operation is completed. Commit 9ec03d7f1ed3 “drm/vc4: kms: Wait for previous FIFO users before committing” introduced a wait for the previous commit that was...

7.8CVSS5.7AI score0.00216EPSS

7.1CVSS5.4AI score0.00147EPSS

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: iavf: Fixed an out-of-bounds situation when setting channels during iavfremove. If the channels are set to a value greater than what is actually allocated, it will cause a timeout, and an error will be returned. However, the...

AstraLinux•added 2026/06/19 11:10 a.m.•5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: think-lmi: Fixed memory leaks when parsing ThinkStation WMI strings My previous commit introduced a memory leak, where the memory allocated by the tlmisetting function was not freed. This commit also renames the...

5.2AI score0.00168EPSS

Exploits0References1

AstraLinux•added 2026/06/19 11:10 a.m.•3 views

Astra Linux – Vulnerability in python-kdcproxy

If kdcproxy receives a request for a realm whose configuration does not define any server addresses, it will, by default, query DNS zone records that match the requested realm name. This creates a server-side request-forgery vulnerability, as an attacker could send a request for a realm that...

8.6CVSS5.6AI score0.00397EPSS

8.8CVSS8.6AI score0.01378EPSS

Astra Linux – Vulnerability in Composer

Composer is a dependency manager for PHP. Users who publish a composer.phar file to a publicly accessible web server where the file can be executed as a PHP file may be subject to a remote code execution vulnerability if PHP also has registerargcargv enabled in php.ini. Versions 2.6.4, 2.2.22, an...

AstraLinux•added 2026/06/19 11:10 a.m.•6 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: s390/qeth: Fixed a kernel panic that occurred after setting the hsuid attribute. Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device, while the corresponding network interface is already up, the...

4.4CVSS6.5AI score0.0022EPSS

5.5CVSS6.2AI score0.00155EPSS

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Disable SCO support if READVOICESETTING is not supported/broken. A SCO connection with incorrect voice settings can cause the controller to lock up...