EUVD-2026-38838
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: fix missing expect put in obj eval. nft_ct_expect_obj_eval() allocates an expectation and may call nf_ct_expect_related(), but never drops its local reference. Add nf_ct_expect_put(exp) before return to balance allocation...
EUVD-2026-38960
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix linked reg delta tracking when src_reg == dst_reg. Consider the case of rX += rX where src_reg and dst_reg are pointers to the same bpf_reg_state in adjust_reg_min_max_vals(). The latter first modifies the dst_reg in-place, and later ...
JS Help Desk <= 2.8.1 - SQL Injection
The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to SQL Injection via the 'email' and 'trackingid' parameters in all versions up to 2.8.2 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...
Traccar - Unrestricted File Upload
Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this...
CVE-2026-56450
AIL did not restrict repeated failed attempts to verify a two-factor authentication OTP code. An attacker who had reached the 2FA verification step, such as after successfully completing the password-authentication stage, could submit an unlimited number of OTP guesses. This could enable...
EUVD-2026-38239
AIL did not restrict repeated failed attempts to verify a two-factor authentication OTP code. An attacker who had reached the 2FA verification step, such as after successfully completing the password-authentication stage, could submit an unlimited number of OTP guesses. This could enable...
CVE-2026-56450 AIL Framework - Missing Rate Limiting Enables Brute-Force Attacks Against Two-Factor Authentication Codes
AIL did not restrict repeated failed attempts to verify a two-factor authentication OTP code. An attacker who had reached the 2FA verification step, such as after successfully completing the password-authentication stage, could submit an unlimited number of OTP guesses. This could enable...
kernel: netfilter: ctnetlink: ensure safe access to master conntrack
A flaw was found in the netfilter: ctnetlink component of the Linux kernel. This vulnerability occurs due to insufficient locking when accessing the master conntrack object, allowing it to become invalid while still being referenced. A local attacker could potentially exploit this race condition,...
CVE-2026-56412
libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219...
CVE-2026-12789
A vulnerability was identified in ILIAS Learning Management System 11.0. This issue affects the function ilTrQuery::executeQueries of the file components/ILIAS/Tracking/classes/class.ilTrQuery.php of the component Learning Progress Tracking. Such manipulation of the argument troup_table_nav leads t...
EUVD-2026-38153
A vulnerability was identified in ILIAS Learning Management System 11.0. This issue affects the function ilTrQuery::executeQueries of the file components/ILIAS/Tracking/classes/class.ilTrQuery.php of the component Learning Progress Tracking. Such manipulation of the argument troup_table_nav leads t...
CVE-2026-12789 ILIAS Learning Management System Learning Progress Tracking class.ilTrQuery.php executeQueries sql injection
A vulnerability was identified in ILIAS Learning Management System 11.0. This issue affects the function ilTrQuery::executeQueries of the file components/ILIAS/Tracking/classes/class.ilTrQuery.php of the component Learning Progress Tracking. Such manipulation of the argument troup_table_nav leads t...
CVE-2026-12789
The CVE concerns ILIAS Learning Management System 11.0. The vulnerability affects the function ilTrQuery::executeQueries (file: components/ILIAS/Tracking/classes/class.ilTrQuery.php) in the Learning Progress Tracking component. The issue arises from manipulation of the troup_table_nav argument, l...
PT-2026-51207
Name of the Vulnerable Software and Affected Versions: ILIAS Learning Management System version 11.0. Description: An issue exists in the Learning Progress Tracking component within the ilTrQuery::executeQueries function of the components/ILIAS/Tracking/classes/class.ilTrQuery.php file. Remote...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fixed the issue with zero_vruntime tracking. John reported that stress-ng-yield could cause his machine to behave abnormally. He managed to bisect it to commit b3d99f43c72b ("sched/fair...
Astra Linux – Vulnerability in WebKit2GTK
An information disclosure issue was resolved by removing the vulnerable code. This issue has been fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari’s private browsing mode...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not cause an overflow during division for dirty tracking. If pgshift is 63, then BITS_PER_TYPE(*bitmap->bitmap) * pgsize will result in an overflow to 0, which can trigger a division by zero. In this case, the index should...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nfsd: fixed the legacy client tracking initialization. Remove the nfsd4_legacy_tracking_ops->init() call from check_for_legacy_methods(). This issue will be handled by the caller, nfsd4_client_tracking_init(). Otherwise, we will end up calling...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Disabling IBT when the hypercall page lacks the ENDBR instruction. On hardware that supports Indirect Branch Tracking (IBT), Hyper-V VMs with ConfigVersion 9.3 or later support IBT in the guest. However, current version...