
1612 matches found

Nuclei
added 7 hours ago, 5 views

WordPress 12 Step Meeting List Plugin <= 3.14.33 - Cross-Site Scripting

Code for Recovery 12 Step Meeting List versions up to 3.14.33 contain a reflected cross-site scripting vulnerability caused by improper input neutralization during web page generation, letting attackers execute malicious scripts in users' browsers; exploitation requires the attacker to craft a malicious URL. id:...

CVSS 7.1, AI score 5.7, EPSS 0.1309
Exploits: 0, References: 4

OSV
added yesterday, 3 views

GHSA-49RJ-9FVP-4H2H React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE

When using React Router v7 in Framework Mode, there exists a combination of steps that could potentially allow unauthorized RCE through external requests. This first requires the application code to have an existing prototype pollution vulnerability. This can be leveraged into a 2-step attack in...

CVSS 8.1, AI score 5.9, EPSS 0.00252
Exploits: 0, References: 3

Wolfi
added 2 days ago, 8 views

CVE-2026-27136 vulnerabilities

Vulnerabilities for packages: step-issuer, prometheus-operator, flux, nerdctl, telegraf, snyk-cli, istio, crossplane-provider-azure-authorization, kots, gptscript, hydra, hubble, kyverno, vale, crossplane-provider-azure-storage, helm, terraform-provider-acme, kine, gitea, glab,...

CVSS 6.1, AI score 5.8, EPSS 0.00031
Exploits: 0

Wolfi
added 2 days ago, 6 views

CVE-2026-42506 vulnerabilities

Vulnerabilities for packages: step-issuer, prometheus-operator, flux, nerdctl, telegraf, snyk-cli, istio, crossplane-provider-azure-authorization, kots, gptscript, hydra, hubble, kyverno, vale, crossplane-provider-azure-storage, helm, terraform-provider-acme, kine, gitea, glab,...

CVSS 6.1, AI score 5.8, EPSS 0.00032
Exploits: 0

Wolfi
added 2 days ago, 6 views

GHSA-CG87-VWWH-XVGJ vulnerabilities

Vulnerabilities for packages: step-issuer, prometheus-operator, flux, nerdctl, telegraf, snyk-cli, istio, crossplane-provider-azure-authorization, kots, gptscript, hydra, hubble, kyverno, vale, crossplane-provider-azure-storage, helm, terraform-provider-acme, kine, gitea, glab,...

AI score 5.8
Exploits: 0

Wolfi
added 2 days ago, 7 views

GHSA-5CV4-JP36-H3MW vulnerabilities

Vulnerabilities for packages: step-issuer, prometheus-operator, flux, nerdctl, telegraf, snyk-cli, istio, crossplane-provider-azure-authorization, kots, gptscript, hydra, hubble, kyverno, vale, crossplane-provider-azure-storage, helm, terraform-provider-acme, kine, gitea, glab,...

AI score 5.8
Exploits: 0

Wolfi
added 2 days ago, 8 views

CVE-2026-42502 vulnerabilities

Vulnerabilities for packages: step-issuer, prometheus-operator, flux, nerdctl, telegraf, snyk-cli, istio, crossplane-provider-azure-authorization, kots, gptscript, hydra, hubble, kyverno, vale, crossplane-provider-azure-storage, helm, terraform-provider-acme, kine, gitea, glab,...

CVSS 6.1, AI score 5.8, EPSS 0.00031
Exploits: 0

Wolfi
added 2 days ago, 8 views

CVE-2026-25681 vulnerabilities

Vulnerabilities for packages: step-issuer, prometheus-operator, flux, nerdctl, telegraf, snyk-cli, istio, crossplane-provider-azure-authorization, kots, gptscript, hydra, hubble, kyverno, vale, crossplane-provider-azure-storage, helm, terraform-provider-acme, kine, gitea, glab,...

CVSS 6.1, AI score 5.8, EPSS 0.00031
Exploits: 0

Wolfi
added 2 days ago, 6 views

GHSA-WRH2-89VG-4J9G vulnerabilities

Vulnerabilities for packages: step-issuer, prometheus-operator, flux, nerdctl, telegraf, snyk-cli, istio, crossplane-provider-azure-authorization, kots, gptscript, hydra, hubble, kyverno, vale, crossplane-provider-azure-storage, helm, terraform-provider-acme, kine, gitea, glab,...

AI score 5.8
Exploits: 0

Wolfi
added 2 days ago, 7 views

CVE-2026-25680 vulnerabilities

Vulnerabilities for packages: step-issuer, prometheus-operator, flux, nerdctl, telegraf, snyk-cli, istio, crossplane-provider-azure-authorization, kots, gptscript, hydra, hubble, kyverno, vale, crossplane-provider-azure-storage, helm, terraform-provider-acme, kine, gitea, glab,...

CVSS 6.5, AI score 5.8, EPSS 0.00061
Exploits: 0

Wolfi
added 2 days ago, 6 views

GHSA-W9P8-PVXH-RXPJ vulnerabilities

Vulnerabilities for packages: step-issuer, prometheus-operator, flux, nerdctl, telegraf, snyk-cli, istio, crossplane-provider-azure-authorization, kots, gptscript, hydra, hubble, kyverno, vale, crossplane-provider-azure-storage, helm, terraform-provider-acme, kine, gitea, glab,...

AI score 5.8
Exploits: 0

Wolfi
added 2 days ago, 6 views

GHSA-M9X8-M34X-FJ9Q vulnerabilities

Vulnerabilities for packages: step-issuer, prometheus-operator, flux, nerdctl, telegraf, snyk-cli, istio, crossplane-provider-azure-authorization, kots, gptscript, hydra, hubble, kyverno, vale, crossplane-provider-azure-storage, helm, terraform-provider-acme, kine, gitea, glab,...

AI score 5.8
Exploits: 0

Positive Technologies
added 2 days ago, 5 views

PT-2026-45834

Name of the Vulnerable Software and Affected Versions: React Router versions 7.0.0 through 7.14.1. Description: When using Framework Mode, a sequence of actions could allow unauthorized remote code execution (RCE) via external requests. This occurs if the application code already contains a prototype...

CVSS 8.1, AI score 6.4, EPSS 0.00252
Exploits: 0, References: 5

HackRead
added 3 days ago, 9 views

How to Get a Reddit API Key in 2026: Step-by-Step Guide

Getting a Reddit API key starts with creating an application through Reddit’s developer portal and understanding how its…...

AI score 5.8
Exploits: 0

ATTACKERKB
added 6 days ago, 4 views

CVE-2026-44648

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern relies on cookie-session for authentication, storing all session data user handle,...

CVSS 7.5, AI score 5.8, EPSS 0.00016
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2026/05/27 5:1 p.m., 31 views

CVE-2026-48128 Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step

Budibase is an open-source low-code platform. Prior to 3.39.0, the executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller without additional validation. When combined with a REST datasource configured to targ...

CVSS 5.1, EPSS 0.00077
Exploits: 0, References: 1

EUVD
added 2026/05/27 5:1 p.m., 5 views

EUVD-2026-32594

Budibase is an open-source low-code platform. Prior to 3.39.0, the executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller without additional validation. When combined with a REST datasource configured to targ...

CVSS 5.1, AI score 6, EPSS 0.00077
Exploits: 0, References: 1

CVE
added 2026/05/27 5:1 p.m., 9 views

CVE-2026-48128

Budibase prior to 3.39.0 is vulnerable to SSRF via the executeQuery automation step. The executeQuery step accepts a queryId from automation inputs and forwards it to the query execution controller without additional validation. When a REST datasource targets internal infrastructure, this can cau...

CVSS 5.1, AI score 6, EPSS 0.00077
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/26 1:8 p.m., 10 views

Malicious code in vectordb-engine (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42695503b90ec4adc30c038c3321d637f05038f841bcc5f463a16b891fe4e3e0 During pip install, a custom buildext step in src/vectordbenginebuild.py runs an obfuscated payload that performs targeted reconnaissance and...

AI score 5.9
Exploits: 0, References: 2

RedHat Linux
added 2026/05/26 5:5 a.m., 7 views

freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks

An out-of-bounds read flaw has been discovered in FreeRDP. This out-of-bounds read exists in the MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. An attacker may be able to leverage this weakness to leak global data...

CVSS 9.4, AI score 5.7, EPSS 0.00058
Exploits: 1, References: 6