CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2 days ago•5 views

EUVD-2026-33981

A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a manipulation of the argument msg can lead to sql injection. The attack can be launched remotely. The exploit has been public...

7.5CVSS5.7AI score0.00024EPSS

CVE•added 2 days ago•8 views

CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon (up to version 2.19.0) is affected by a stack-based buffer overflow in the BGP AS_PATH mask matching implementation (nest/a-path.c). The as_path_match() routine uses a fixed-size stack capable of 2048 + 1 pm_pos entries, while parse_path() expands AS_PATH segme...

6.3CVSS6.1AI score0.0004EPSS

Exploits1References2

NVD•added 2 days ago•5 views

CVE-2026-42654

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...

7.1CVSS0.00037EPSS

ATTACKERKB•added 2 days ago•3 views

CVE-2026-1871

7.1CVSS6.1AI score0.00035EPSS

Exploits0References5

CVE•added 2 days ago•4 views

CVE-2026-1871

CVE-2026-1871 affects TP-Link Tapo C200 v5. The issue is a stack-based buffer overflow in the RTSP authentication handling caused by improper validation of Authorization header lengths. Exploitation triggers a crash of the RTSP core service and an automatic system reboot, resulting in a DoS that ...

7.1CVSS6.1AI score0.00035EPSS

RedHat Linux•added 2 days ago•5 views

xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing.

A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the CheckSetGeom and XkbAddGeomKeyAlias functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server,...

9.1CVSS5.7AI score0.00032EPSS

RedHat Linux•added 2 days ago•5 views

xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash,...

7.8CVSS5.7AI score0.00005EPSS

RedhatCVE•added 2 days ago•5 views

CVE-2026-10245

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is the function createsupplier of the file /ShowForm/createsupplier/main. Executing a manipulation of the argument companyname can lead to cross site scripting. The attack can be launched...

5.1CVSS4.2AI score0.00034EPSS

RedhatCVE•added 2 days ago•6 views

CVE-2026-10257

A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/updatessimg.php. The manipulation of the argument topicid results in sql injection. The attack can be executed remotely. The exploit has been released t...

6.5CVSS5.7AI score0.00033EPSS

RedhatCVE•added 2 days ago•5 views

CVE-2026-10246

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function createmedicinepresentation of the file /ShowForm/createmedicinepresentation/main. The manipulation of the argument medicinepresentation leads to cross site scripting. The attack may...

5.1CVSS4.1AI score0.00034EPSS

RedhatCVE•added 2 days ago•7 views

CVE-2026-10170

A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone0.php. This manipulation of the argument phone causes sql injection. The attack may be initiated remotely. The exploit has been published and may be...

6.5CVSS5.7AI score0.00028EPSS

ATTACKERKB•added 2 days ago•5 views

CVE-2026-42654

Vulnrichment•added 2 days ago•4 views

Exploits0References2

CVE-2026-42654 WordPress Wallet System for WooCommerce plugin <= 2.7.5 - Broken Authentication vulnerability

Cvelist•added 2 days ago•28 views

CVE-2026-42654 WordPress Wallet System for WooCommerce plugin <= 2.7.5 - Broken Authentication vulnerability

7.1CVSS0.00037EPSS

CVE•added 2 days ago•4 views

CVE-2026-42654

CVE-2026-42654 affects the WordPress Wallet System for WooCommerce plugin (versions up to 2.7.5). The vulnerability is an authentication bypass via an alternate path or channel that enables password recovery exploitation. This is described as a broken authentication vulnerability and specifically...

EUVD•added 2 days ago•3 views

EUVD-2026-33947

Patchstack•added 2 days ago•2 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Mukhlis Amien in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.6...

5.9AI score

Exploits0Affected Software1

RedHat Linux•added 2 days ago•8 views

Important: Red Hat Security Advisory: Red Hat Lightspeed (formerly Insights) for Runtimes security update

An update is now available for Red Hat Lightspeed formerly Insights for Runtimes on RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.1CVSS7.3AI score0.00022EPSS

Exploits1References7

ATTACKERKB•added 2 days ago•3 views

CVE-2019-25719

Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow network-adjacent attackers to spoof or tamper with data and cause denial-of-service conditions. Attacke...

8.8CVSS5.8AI score0.00017EPSS