CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2 days ago•4 views

CVE-2026-49753 HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing

6.3CVSS5.8AI score0.00042EPSS

ATTACKERKB•added 2 days ago•3 views

CVE-2026-49753

6.3CVSS5.8AI score0.00042EPSS

Exploits0References5Affected Software1

RedhatCVE•added 3 days ago•4 views

CVE-2026-45631

Dokploy is a free, self-hostable Platform as a Service PaaS. From 0.27.0 to before 0.29.3, a hardcoded BETTERAUTHSECRET fallback "better-auth-secret-123456789" lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign-in as admin, and execute commands on the host via the...

10CVSS5.9AI score0.00066EPSS

ATTACKERKB•added 3 days ago•5 views

CVE-2026-9330

IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain...

Exploits0References2Affected Software1

CVE•added 3 days ago•17 views

CVE-2026-9330

IBM WebSphere Application Server 9.0 and 8.5 are affected by CVE-2026-9330 due to improper validation of user-supplied data during deserialization in the SAML Web Single Sign-On component, potentially enabling remote code execution via a crafted HTTP request with a gadget chain. Affected products...

Vulnrichment•added 3 days ago•7 views

CVE-2026-9330 IBM WebSphere Application Server is affected by remote code execution

EUVD•added 3 days ago•8 views

EUVD-2026-33740

CNNVD•added 3 days ago•4 views

IBM WebSphere Application Server (WAS) code-related vulnerabilities

IBM WebSphere Application Server WAS is an application server product developed by IBM. It serves as a platform for JavaEE and web services applications and forms the foundation of the IBM WebSphere software suite. Versions 9.0 and 8.5 of IBM WebSphere Application Server contained code...

Cvelist•added 4 days ago•28 views

CVE-2026-10167 OUSL-GROUP-BrinaryBrains School Student Management System MY_Controller Login.php sign_auth_cookie improper authentication

A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function signauthcookie of the file application/controllers/Login.php of the component MYController. Executing a manipulation of the argumen...

7.5CVSS0.00061EPSS

CVE•added 4 days ago•10 views

CVE-2026-10167

CVE-2026-10167 affects the OUSL-GROUP-BrinaryBrains School Student Management System, specifically the MY_Controller component’s Login.php, function sign_auth_cookie. A manipulation of the role argument can lead to improper authentication, with remote exploitation possible. Public exploit exists....

7.5CVSS6.8AI score0.00061EPSS

ATTACKERKB•added 4 days ago•7 views

CVE-2026-10167

7.5CVSS6.8AI score0.00061EPSS

EUVD•added 4 days ago•10 views

EUVD-2026-33487

7.5CVSS5.5AI score0.00061EPSS

RedhatCVE•added 5 days ago•9 views

CVE-2026-45343

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScript in an administrator's browser session. This affects instances configured with SSO/OAuth...

8.5CVSS5.9AI score0.00096EPSS

Github Security Blog•added 6 days ago•13 views

Admidio: CSRF in SSO client `enable` action toggles SAML/OIDC clients without token validation

Summary modules/sso/clients.php validates an admcsrftoken on every state-changing branch except enable. The enable case loads the SAML or OIDC client by UUID, calls $client-enable$enabled, and persists the new state with no token check. Because the action is reachable via plain GET parameters, a...

5.8AI score

Exploits0References2Affected Software1

Snyk•added 6 days ago•3 views

Cross-site Request Forgery (CSRF)

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the enable process in modules/sso/clients.php when handling SAML or OIDC client state changes...

5.4CVSS5.8AI score

Exploits0References2

NVD•added 6 days ago•7 views

CVE-2026-44649

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User Authelia and X-Authentik-Username Authentik HTTP headers to...

9.8CVSS0.00067EPSS

ATTACKERKB•added 6 days ago•4 views

CVE-2026-49380

In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible...

3.1CVSS5.8AI score0.00001EPSS

Exploits0References2

Cvelist•added 6 days ago•22 views

CVE-2026-44649 SillyTavern: Authentication Bypass via SSO Header Injection

9.8CVSS0.00067EPSS