CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2 days ago•10 views

CVE-2026-9722

The CVE-2026-9722 entry concerns the WordPress plugin Laiser Tag, affected versions ≤ 1.2.5. The root cause is missing or incorrect nonce validation in the addOptionsPageFields function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to modify plugin settings (API key,...

4.3CVSS5.7AI score0.00012EPSS

ATTACKERKB•added 2 days ago•6 views

CVE-2026-9722

4.3CVSS5.7AI score0.00012EPSS

Exploits0References5

Cvelist•added 2 days ago•32 views

CVE-2026-9722 Laiser Tag <= 1.2.5 - Cross-Site Request Forgery to Plugin Settings Update via Settings Form

4.3CVSS0.00012EPSS

Positive Technologies•added 2 days ago•4 views

PT-2026-45713

4.3CVSS5.7AI score0.00012EPSS

Exploits0References5

Tenable Nessus•added 6 days ago•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-49299

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single- tag write operations while the defined policy rules us...

NVD•added last week•5 views

Exploits0References3

CVE-2026-49299

In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...

5.3CVSS0.00043EPSS

Vulnrichment•added last week•4 views

CVE-2026-49299

CVE•added last week•14 views

Exploits0References3

CVE-2026-49299

OpenStack Neutron prior to 28.0.1 is affected: the tagging controller enforces plural policy action names on single-tag write operations while policy rules use singular names, causing the mismatch to evaluate as allowed under the default policy. This permits a project reader to create and update ...

Debian CVE•added last week•5 views

CVE-2026-49299

Positive Technologies•added 2026/05/28 12:0 a.m.•8 views

Exploits0

PT-2026-44555

The Hacker News•added 2026/05/23 9:51 a.m.•17 views

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - laravel-lang/lang laravel-lang/http-statuses...

6AI score

Exploits0

AstraLinux•added 2026/05/20 5:53 a.m.•9 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Avoid setting PGmtetagged if no tags are cleared or restored. Prior to commit 69e3b846d8a7 “arm64: mte: Sync tags for pages where PTE is untagged”, mtesynctags was only called for ptetagged entries those mapped with...

5.8AI score0.00024EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: suppress non-changes to the tagging protocol The way that dsatreechangetagproto works is as follows: When dsatreenotify fails, it does not know whether the operation failed midway through a multi-switch tree, or ...

5.5CVSS5.7AI score0.00074EPSS

EUVD•added 2026/05/08 3:31 p.m.•3 views

EUVD-2026-28613

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IPv6 is: ethernet mangling 4 payload actions, 2 for each ethernet address SNAT 4 payload actions DNAT ...

5.8AI score0.00013EPSS

Exploits0References8

CNNVD•added 2026/05/08 12:0 a.m.•2 views

kimai 安全漏洞

Kimai is a web-based, multi-user time tracking application developed by Kimai’s individual developers. Versions of Kimai from 2.27.0 to 2.54.0 contained security vulnerabilities. These vulnerabilities stemmed from the possibility for any ROLEUSER to create tags with formula strings as names using...

6.8CVSS5.8AI score0.00034EPSS

Exploits1References1

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: KVM: arm64: Fixed a shift-out-of-bounds bug Fixed a shift-out-of-bounds bug reported by UBSAN when running a VM with MTE enabled on a host kernel. UBSAN: Shift-out-of-bounds in arch/arm64/kvm/sys regs.c:1988:14. The shift...

5.5CVSS6.6AI score0.00019EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: lapb: increase LAPBHEADERLEN It is unclear whether the net/lapb code is supposed to be ready for 8021q. We can at least avoid crashes like the following: skbuff: skbunderpanic: text:ffffffff8aabe1f6 len:24 put:20...

5.5CVSS6.2AI score0.00013EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a btf decltag bug when tagging a function syzbot reported a btf decltag bug with stack trace below: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 1 PREEMPT SMP KASAN KASAN:...

5.5CVSS6.5AI score0.00024EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: mm: krealloc: Fix MTE false alarm in dokrealloc This patch addresses an issue introduced by commit 1a83a716ec233 "mm: krealloc: consider spare memory for GFPZERO" which causes MTE Memory Tagging Extension to falsely report a...

5.5CVSS6.5AI score0.00011EPSS