CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/11 6:12 p.m.•10 views

CVE-2026-45224

CVE-2026-45224 – Crabbox

7.1CVSS5.9AI score0.00022EPSS

Cvelist•added 2026/05/11 5:40 p.m.•29 views

CVE-2026-42860 Open edx Enterprise Service: SSRF via SAML metadata URL in sync_provider_data endpoint

The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the syncproviderdata endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadatasource. An authenticated user with the Enterprise Admin ro...

8.5CVSS0.00012EPSS

Exploits1References1

Vulnrichment•added 2026/05/11 5:40 p.m.•3 views

CVE-2026-42860 Open edx Enterprise Service: SSRF via SAML metadata URL in sync_provider_data endpoint

8.5CVSS5.9AI score0.00012EPSS

Exploits1References1

CVE•added 2026/05/11 5:40 p.m.•8 views

CVE-2026-42860

The CVE-2026-42860 issue affects Open edX Openedx Enterprise Service (edx-enterprise). From 7.0.2 through 7.0.4, the sync_provider_data endpoint retrieves SAML metadata from a URL stored in SAMLProviderConfig.metadata_source. An authenticated Enterprise Admin can PATCH this field to an arbitrary ...

8.5CVSS5.9AI score0.00012EPSS

Exploits1References1Affected Software1

CVE•added 2026/05/11 5:30 p.m.•7 views

CVE-2026-42858

Open edX Platform contains a server-side request forgery (SSRF) in the sync_provider_data endpoint of SAMLProviderDataViewSet. An authenticated Enterprise Admin can supply an arbitrary URL via the metadata_url parameter, which is passed to requests.get() in fetch_metadata_xml() without URL valida...

9.9CVSS6AI score0.00032EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/05/11 5:30 p.m.•27 views

CVE-2026-42858 Open edX Platform: Server-Side Request Forgery (SSRF) in SAML Provider Data Sync Endpoint

Open edX Platform enables the authoring and delivery of online learning at any scale. The syncproviderdata endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadataurl POST parameter. This URL is passed directly to requests.get in...

8.5CVSS0.00032EPSS

Exploits1References3

SUSE CVE•added 2026/05/11 2:13 p.m.•4 views

SUSE CVE-2026-43395

In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup partially initialized sync on parse failure xesyncentryparse can allocate references syncobj, fence, chain fence, or user fence before hitting a later failure path. Several of those paths returned directly,...

5.8AI score0.00013EPSS

CNNVD•added 2026/05/11 12:0 a.m.•2 views

Crabbox 路径遍历漏洞

Crabbox is an open-source remote code execution and test environment management tool developed by OpenClaw. Versions of Crabbox prior to 0.9.0 contained a path traversal vulnerability. This vulnerability stemmed from path resolution in the Islo provider’s workspace, allowing attackers to provide...

7.1CVSS6.5AI score0.00022EPSS

Exploits0References1

Positive Technologies•added 2026/05/11 12:0 a.m.•6 views

PT-2026-39730

7.1CVSS5.9AI score0.00022EPSS

Exploits0References5

CNVD•added 2026/05/11 12:0 a.m.•3 views

Linux kernel set_cig_params_sync function memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from the setcigparamssync function in Bluetooth hciconn not locking hciconn, which can b...

7.8CVSS5.8AI score0.00015EPSS

Exploits0

CNNVD•added 2026/05/11 12:0 a.m.•5 views

EDX Open edX 代码问题漏洞

EDX Open edX is an online learning management system developed by the American company EDX. Versions 7.0.2 to 7.0.4 of EDX Open edX have code vulnerabilities. These vulnerabilities stem from the syncproviderdata endpoint in the SAMLProviderDataViewSet, which retrieves the SAML metadata URL from...

8.5CVSS5.9AI score0.00012EPSS

Exploits1References1

EUVD•added 2026/05/10 3:31 p.m.•5 views

EUVD-2022-55974

WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized nom, pdf, mp4, webm, and ogg parameters. Attackers can inject payloads like autofocus onfocus event handlers throug...

NVD•added 2026/05/10 1:16 p.m.•7 views

CVE-2022-50949

WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized mov, pdf, mp4, webm, and ogg parameters. Attackers can inject payloads like autofocus onfocus event handlers throug...

6.4CVSS0.00032EPSS

ATTACKERKB•added 2026/05/10 12:12 p.m.•3 views

CVE-2022-50949

WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized mov, pdf, mp4, webm, and ogg parameters. Attackers can inject payloads like autofocus onfocus event handlers throug...

Exploits0References3Affected Software1

CVE•added 2026/05/10 12:12 p.m.•6 views

CVE-2022-50949

The CVE-2022-50949 entry concerns WordPress Plugin Videos sync PDF 1.7.4, which contains a stored cross-site scripting (XSS) vulnerability in unsanitized parameters (nom, pdf, mp4, webm, ogg). Exploitation enables an authenticated attacker with low privileges to inject JavaScript via the plugin o...

Vulnrichment•added 2026/05/10 12:12 p.m.•6 views

CVE-2022-50949 WordPress Plugin Videos sync PDF 1.7.4 Stored XSS

WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized mov, pdf, mp4, webm, and ogg parameters. Attackers can inject payloads like autofocus onfocus event handlers throug...

Positive Technologies•added 2026/05/10 12:0 a.m.•5 views

PT-2026-39478