241908 matches found

ATTACKERKB
added 2026/06/02 4:13 p.m., 6 views

CVE-2026-1871

TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to...

CVSS 7.1, AI score 6.1, EPSS 0.00305
Exploits: 0, References: 5
RedHat Linux
added 2026/06/02 4:12 p.m., 9 views

xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing.

A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the CheckSetGeom and XkbAddGeomKeyAlias functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server,...

CVSS 9.1, AI score 5.7, EPSS 0.00397
Exploits: 0, References: 4
RedHat Linux
added 2026/06/02 4:12 p.m., 9 views

xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash,...

CVSS 7.8, AI score 5.7, EPSS 0.00179
Exploits: 0, References: 4
RedhatCVE
added 2026/06/02 4:1 p.m., 10 views

CVE-2026-10257

A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/updatessimg.php. The manipulation of the argument topicid results in sql injection. The attack can be executed remotely. The exploit has been released t...

CVSS 6.5, AI score 5.7, EPSS 0.00319
Exploits: 0, References: 1
RedhatCVE
added 2026/06/02 4:1 p.m., 8 views

CVE-2026-10246

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function createmedicinepresentation of the file /ShowForm/createmedicinepresentation/main. The manipulation of the argument medicinepresentation leads to cross site scripting. The attack may...

CVSS 5.1, AI score 4.1, EPSS 0.00199
Exploits: 0, References: 1
RedhatCVE
added 2026/06/02 4:1 p.m., 9 views

CVE-2026-10245

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is the function createsupplier of the file /ShowForm/createsupplier/main. Executing a manipulation of the argument companyname can lead to cross site scripting. The attack can be launched...

CVSS 5.1, AI score 4.2, EPSS 0.00203
Exploits: 0, References: 1
RedhatCVE
added 2026/06/02 4:1 p.m., 11 views

CVE-2026-10170

A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone0.php. This manipulation of the argument phone causes sql injection. The attack may be initiated remotely. The exploit has been published and may be...

CVSS 6.5, AI score 5.7, EPSS 0.00201
Exploits: 0, References: 1
CVE
added 2026/06/02 2:48 p.m., 5 views

CVE-2026-42654

CVE-2026-42654 affects the WordPress Wallet System for WooCommerce plugin (versions up to 2.7.5). The vulnerability is an authentication bypass via an alternate path or channel that enables password recovery exploitation. This is described as a broken authentication vulnerability and specifically...

CVSS 7.1, AI score 5.8, EPSS 0.00207
Exploits: 0, References: 1
Cvelist
added 2026/06/02 2:48 p.m., 31 views

CVE-2026-42654 WordPress Wallet System for WooCommerce plugin <= 2.7.5 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...

CVSS 7.1, EPSS 0.00207
Exploits: 0, References: 1
EUVD
added 2026/06/02 2:48 p.m., 9 views

EUVD-2026-33947

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...

CVSS 7.1, AI score 5.8, EPSS 0.00207
Exploits: 0, References: 1
ATTACKERKB
added 2026/06/02 2:48 p.m., 8 views

CVE-2026-42654

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...

CVSS 7.1, AI score 5.8, EPSS 0.00207
Exploits: 0, References: 2
Vulnrichment
added 2026/06/02 2:48 p.m., 8 views

CVE-2026-42654 WordPress Wallet System for WooCommerce plugin <= 2.7.5 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...

CVSS 7.1, AI score 5.8, EPSS 0.00207
Exploits: 0, References: 1
Patchstack
added 2026/06/02 2:40 p.m., 5 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Mukhlis Amien in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions <= 3.3.6...

CVSS 8.5, AI score 5.9, EPSS 0.00332
Exploits: 0, Affected Software: 1
RedHat Linux
added 2026/06/02 2:17 p.m., 16 views

Important: Red Hat Security Advisory: Red Hat Lightspeed (formerly Insights) for Runtimes security update

An update is now available for Red Hat Lightspeed (formerly Insights) for Runtimes on RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 9.1, AI score 7.3, EPSS 0.00522
Exploits: 1, References: 7
ATTACKERKB
added 2026/06/02 2:0 p.m., 6 views

CVE-2019-25719

Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow network-adjacent attackers to spoof or tamper with data and cause denial-of-service conditions. Attacke...

CVSS 8.8, AI score 5.8, EPSS 0.00132
Exploits: 0, References: 4
Wolfi
added 2026/06/02 1:48 p.m., 8 views

GHSA-WH8P-H9HW-X2MC vulnerabilities

Vulnerabilities for packages: uutils...

AI score 5.8
Exploits: 0
Wolfi
added 2026/06/02 1:48 p.m., 7 views

GHSA-Q94G-3GCF-66X7 vulnerabilities

Vulnerabilities for packages: uutils...

AI score 5.8
Exploits: 0
Wolfi
added 2026/06/02 1:48 p.m., 13 views

CVE-2026-35373 vulnerabilities

Vulnerabilities for packages: uutils...

CVSS 5.5, AI score 5.8, EPSS 0.00121
Exploits: 1
Wolfi
added 2026/06/02 1:48 p.m., 11 views

CVE-2026-35348 vulnerabilities

Vulnerabilities for packages: uutils...

CVSS 5.5, AI score 5.8, EPSS 0.00134
Exploits: 1
Wolfi
added 2026/06/02 1:48 p.m., 9 views

CVE-2026-35370 vulnerabilities

Vulnerabilities for packages: uutils...

CVSS 4.4, AI score 5.8, EPSS 0.00108
Exploits: 1