CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

7.5CVSS6.9AI score0.00043EPSS

CVE-2026-5985

A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument userId results in sql injection. The attack may be performed from remote. The exploit has been released to the...

RedhatCVE•added 2 days ago•4 views

CVE-2026-33052

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the "addprofilethreshold" permission to create a global profile despite not having manageglobalprofilethreshold, by tampering with the userid parameter in a...

5.3CVSS5.3AI score0.00041EPSS

5CVSS5.6AI score0.00012EPSS

CVE-2026-44550

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, FolderForm uses modelconfig = ConfigDictextra='allow', which permits arbitrary fields to pass through Pydantic validation and be included in modeldumpexcludeunset=True. In...

Exploits1References1

RedhatCVE•added 2 days ago•6 views

CVE-2026-7802

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

8.8CVSS5.6AI score0.00062EPSS

RedhatCVE•added 2 days ago•7 views

CVE-2026-41702

VMware Fusion contains a TOCTOU Time-of-check Time-of-use vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is install...

7.8CVSS5.5AI score0.00043EPSS

9CVSS5.4AI score0.00041EPSS

CVE-2026-10868

A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit. When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could cra...

8.3CVSS5.5AI score0.00049EPSS

CVE-2026-35478

InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authenticated InvenTree user can create a valid API token attributed to any other user in the system — including administrators and superusers — by supplying the target's user ID in the user field of a POST...

EUVD•added 3 days ago•6 views

EUVD-2026-34289

9CVSS5.8AI score0.00041EPSS

Cvelist•added 3 days ago•29 views

CVE-2026-10868 MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification

9CVSS0.00041EPSS

CVE•added 3 days ago•8 views

CVE-2026-10868

A vulnerability in MISP’s User edit flow (UsersController::edit()) allows mass assignment of user fields via a user-supplied User.id, potentially updating an unintended account. An authenticated attacker could craft requests containing another user identifier and modify account attributes dependi...

9CVSS5.8AI score0.00041EPSS

Vulnrichment•added 3 days ago•6 views

CVE-2026-10868 MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification

9CVSS5.8AI score0.00041EPSS

RustSec•added 4 days ago•7 views

Sender-binding gaps in to-device messages

The matrix-sdk-crypto crate before 0.16.1 is missing a check for the sender's user ID when decrypting an Olm-encrypted to-device message containing the senderdevicekeys property. This could be exploited to spoof the sender of an encrypted to-device message, but only if the attacker colludes with ...

5.8AI score

Exploits0Affected Software1

Positive Technologies•added 4 days ago•8 views

PT-2026-46093

Summary Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 root. This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted KERNEL UID or KERNEL GID value. The featu...

9.8CVSS6.1AI score

Positive Technologies•added 4 days ago•9 views

PT-2026-46124

9.8CVSS6.1AI score

RedHat Linux•added 6 days ago•8 views

OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...

8.1CVSS5.8AI score0.00058EPSS

Exploits0References7

Vulnrichment•added 2026/05/29 6:43 a.m.•5 views

CVE-2025-11262 Link Whisper Free <= 0.9.0 - Unauthenticated Stored Cross-Site Scripting

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the userid parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS6AI score0.00108EPSS

Exploits0References3

ATTACKERKB•added 2026/05/29 6:43 a.m.•6 views

CVE-2025-11262

7.2CVSS6AI score0.00108EPSS

Positive Technologies•added 2026/05/29 12:0 a.m.•6 views

PT-2026-44755

The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user id parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS6AI score0.00108EPSS