83 matches found

CVE
added last week, 8 views

CVE-2026-32847

DeepCode (commit c991dc2) exposes a path traversal vulnerability in the SPA catch-all route of new_ui/backend/main.py. An unauthenticated attacker can read arbitrary files by sending percent-encoded path segments to GET /{full_path:path}, bypassing Starlette path normalization via %2F and %2E%2E....

8.7 CVSS, 5.9 AI score, 0.00101 EPSS
Exploits 1, References 2, Affected Software 1
EUVD
added 2026/05/01 1:53 p.m., 2 views

EUVD-2026-26503

In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache. fuse_add_dirent_to_cache() computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existing logic only checks...

5.8 AI score, 0.00015 EPSS
Exploits 0, References 5
Positive Technologies
added 2026/04/30 12:0 a.m., 2 views

PT-2026-36198

Name of the Vulnerable Software and Affected Versions: Exim versions prior to 4.99.2. Description: When the SPA authentication driver is used with an adversarial SPA resource, an out-of-bounds write can occur, leading to a crash of the connection instance. Additionally, erroneous data processing may...

9.8 CVSS, 5.8 AI score, 0.00182 EPSS
Exploits 0, References 12
Microsoft CVE
added 2026/04/26 8:3 a.m., 0 views

ALSA: ctxfi: Limit PTP to a single page

...

7.8 CVSS, 5.8 AI score, 0.00015 EPSS
Exploits 0
EUVD
added 2026/04/24 2:42 p.m., 0 views

EUVD-2026-25495

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Limit PTP to a single page. Commit 391e69143d0a increased CT_PTP_NUM from 1 to 4 to support 256 playback streams, but the additional pages are not used by the card correctly. The CT20K2 hardware already has multiple...

5.4 AI score, 0.00015 EPSS
Exploits 0, References 4
Cvelist
added 2026/04/24 2:42 p.m., 27 views

CVE-2026-31602 ALSA: ctxfi: Limit PTP to a single page

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Limit PTP to a single page. Commit 391e69143d0a increased CT_PTP_NUM from 1 to 4 to support 256 playback streams, but the additional pages are not used by the card correctly. The CT20K2 hardware already has multiple...

7.8 CVSS, 0.00015 EPSS
Exploits 0, References 9
Positive Technologies
added 2026/04/24 12:0 a.m., 2 views

PT-2026-34954

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the ALSA ctxfi component where the ct_vm_map function always uses Page Table Entries (PTEs) in vm->ptp[0].area regardless of the CT_PTP_NUM value. On AMD64 systems, a singl...

9.8 CVSS, 5.8 AI score, 0.00102 EPSS
Exploits 0, References 71
CNNVD
added 2026/04/01 12:0 a.m., 1 views

File Browser Cross-Site Scripting Vulnerability

File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.62.2 contained a cross-site scripting vulnerability. This vulnerability...

6.9 CVSS, 5.6 AI score, 0.0003 EPSS
Exploits 1, References 2
Snyk
added 2026/03/31 11:45 p.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the branding.name field on the SPA index page in File Browser. An attacker can execute arbitrary JavaScript in the context of all users, including unauthenticated visitors, by injecting malicious payloads into t...

6.9 CVSS, 6 AI score, 0.0003 EPSS
Exploits 1, References 2
Snyk
added 2026/03/31 11:45 p.m., 2 views

Cross-site Scripting (XSS)

Overview: github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the branding.name field on the SPA index page in File Browser. An attacker can execute arbitrary JavaScript in the context of all users, includin...

6.9 CVSS, 6 AI score, 0.0003 EPSS
Exploits 1, References 2
OSV
added 2026/03/08 3:15 p.m., 0 views

CVE-2026-3743

A flaw has been found in YiFang CMS 2.0.5. This affects the function update of the file app/db/admin/D_singlePageGroup.php. Executing a manipulation of the argument Name can lead to cross-site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used...

5.4 CVSS, 4.1 AI score, 0.00036 EPSS
Exploits 1, References 4
CVE
added 2026/03/08 3:2 p.m., 5 views

CVE-2026-3743

YiFang CMS 2.0.5 contains an XSS flaw in the update path for file app/db/admin/D_singlePageGroup.php. Manipulating the Name argument enables cross-site scripting, and the attack can be launched remotely. Public exploit and details exist; vendor was contacted but did not respond. No remediation de...

5.4 CVSS, 4.2 AI score, 0.00036 EPSS
Exploits 1, References 4, Affected Software 1
Cvelist
added 2026/03/08 3:2 p.m., 25 views

CVE-2026-3742 YiFang CMS D_singlePage.php update cross site scripting

A vulnerability was detected in YiFang CMS 2.0.5. The impacted element is the function update of the file app/db/admin/D_singlePage.php. Performing a manipulation of the argument Title results in cross-site scripting. It is possible to initiate the attack remotely. The exploit is now public and ma...

5.1 CVSS, 0.00036 EPSS
Exploits 1, References 4
CVE
added 2026/03/08 3:2 p.m., 5 views

CVE-2026-3742

Affected software: YiFang CMS 2.0.5. The vulnerability resides in the function update of the file app/db/admin/D_singlePage.php where manipulating the argument Title triggers cross-site scripting. The exploit is publicly available and can be initiated remotely. Exploit code maturity is reported a...

5.4 CVSS, 4.3 AI score, 0.00036 EPSS
Exploits 1, References 4, Affected Software 1
Vulnrichment
added 2026/01/27 8:36 a.m., 2 views

CVE-2026-24801 A Potential SPA-vulnerability in Ralim/IronOS

Vulnerability in Ralim IronOS source/Core/BSP/Pinecilv2/blmcusdk/components/ble/blestack/common/tinycrypt/source modules. This vulnerability is associated with program files eccdsa.C. This issue affects IronOS: before v2.23-rc3...

6.9 CVSS, 5.9 AI score, 0.00049 EPSS
Exploits 0, References 1
GithubExploit
added 2026/01/16 3:53 p.m., 118 views

spa-poc

No d...

7 AI score
Exploits 0
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2018-0274

Malware in sbrugna...

7.5 CVSS, 7.6 AI score, 0.00533 EPSS
Exploits 1, References 6
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-5464

Malware in sbrugna...

7.5 CVSS, 7.8 AI score, 0.00028 EPSS
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-6711

Malicious code in bioql PyPI...

5.4 CVSS, 5.5 AI score, 0.00301 EPSS
Exploits 1, References 3
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-7072

Malicious code in bioql PyPI...

5.4 CVSS, 5.6 AI score, 0.00282 EPSS
Exploits 0, References 7