CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/11 10:16 p.m.•10 views

CVE-2026-45171

Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager PSM versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-1...

8.8CVSS0.00544EPSS

OSV•added 2026/06/11 10:16 p.m.•2 views

DEBIAN-CVE-2026-12034

Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...

8.3CVSS5.4AI score0.0018EPSS

OSV•added 2026/06/11 10:16 p.m.•3 views

DEBIAN-CVE-2026-12025

Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

5.3CVSS5.4AI score0.00227EPSS

CVE•added 2026/06/11 9:55 p.m.•17 views

CVE-2026-45171

Idira Privileged Session Manager (PSM) affected by CVE-2026-45171 due to incomplete input validation and misconfigured folder permissions. Versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5 are at risk. An authenticated, low-privileged user could potentially execute arbitrary code. The issue is...

8.8CVSS5.8AI score0.00544EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/06/11 9:55 p.m.•9 views

CVE-2026-45171 Idira Privileged Session Manager (PSM): Potential Code Execution due to an Incomplete Input Validation

8.7CVSS5.7AI score0.00544EPSS

Cvelist•added 2026/06/11 9:55 p.m.•33 views

CVE-2026-45171 Idira Privileged Session Manager (PSM): Potential Code Execution due to an Incomplete Input Validation

8.7CVSS0.00544EPSS

Cvelist•added 2026/06/11 9:41 p.m.•31 views

CVE-2026-45172 Idira Privileged Session Manager for SSH (PSMP): Arbitrary Command Execution via Improper Neutralization of Special Elements used in an OS Command

Due to incomplete input validation in Idira Privileged Session Manager for SSH PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18...

8.7CVSS0.0055EPSS

CVE•added 2026/06/11 9:41 p.m.•26 views

CVE-2026-45172

The CVE describes an input validation flaw in Idira Privileged Session Manager for SSH (PSMP). A authenticated, low-privilege user could potentially execute arbitrary commands on the PSMP host due to incomplete input validation in PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6. Affecte...

8.8CVSS5.9AI score0.0055EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/06/11 9:41 p.m.•10 views

CVE-2026-45172 Idira Privileged Session Manager for SSH (PSMP): Arbitrary Command Execution via Improper Neutralization of Special Elements used in an OS Command

8.7CVSS5.7AI score0.0055EPSS

Vulnrichment•added 2026/06/11 9:33 p.m.•9 views

CVE-2026-45173 Idira Identity Browser Extension: Unauthorized Application Interaction via Origin Validation Failure

8.4CVSS5.6AI score0.00161EPSS

CVE•added 2026/06/11 9:33 p.m.•17 views

CVE-2026-45173

The CVE concerns Idira Identity Browser Extension for Chrome, Firefox, and Edge, with versions prior to 26.8.1. A flaw in origin validation within internal web-page verification routines could allow a remote attacker to trigger unauthorized application interaction or execution parameters within a...

8.4CVSS5.8AI score0.00161EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/06/11 9:33 p.m.•29 views

CVE-2026-45173 Idira Identity Browser Extension: Unauthorized Application Interaction via Origin Validation Failure

8.4CVSS0.00161EPSS

IBM Security Bulletins•added 2026/06/11 9:17 p.m.•6 views

Security Bulletin: The Apache Log4J 2 package that is shipped with IBM ApplinX is vulnerable to multiple vulnerabilities (CVE-2026-34480, CVE-2026-34477, CVE-2026-34478, CVE-2026-34479).

Summary The Apache Log4J 2 package that is shipped with IBM ApplinX is vulnerable to an Improper Encoding or Escaping of Output vulnerability, an Improper Validation of Certificate with Host Mismatch vulnerability and an Improper Output Neutralization for Logs vulnerability CVE-2026-34480,...

7.5CVSS6.4AI score0.0086EPSS

Exploits1Affected Software1

NVD•added 2026/06/11 9:16 p.m.•12 views

CVE-2026-53815

OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them by exploiting insufficient validation in the affected feature, potentially exposing...

7.1CVSS0.00215EPSS

NVD•added 2026/06/11 9:16 p.m.•11 views

CVE-2026-53816

OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or compromised paired node can send crafted node.event messages to the gateway,...

8.6CVSS0.00342EPSS

NVD•added 2026/06/11 9:16 p.m.•15 views

CVE-2026-53817

OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens. Attackers can exploit insufficient locality-derived trust validation to convert...

8.8CVSS0.00309EPSS

Cvelist•added 2026/06/11 8:48 p.m.•26 views

CVE-2026-12034

0.0018EPSS

Cvelist•added 2026/06/11 8:48 p.m.•30 views

CVE-2026-12025

0.00227EPSS