CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/12 1:28 p.m.•26 views

CVE-2026-27851

7.4CVSS0.00016EPSS

ATTACKERKB•added 2026/05/12 1:28 p.m.•3 views

CVE-2026-27851

7.4CVSS5.8AI score0.00016EPSS

Exploits0References2

CVE•added 2026/05/12 1:28 p.m.•11 views

CVE-2026-27851

The CVE-2026-27851 issue affects openSUSE openSUSE Tumbleweed dovecot24-2.4.4-1.1. The root cause is when a safe filter is used with variable expansion, causing all following pipelines on the same string to be treated as safe, which can let unsafe data be unescaped. This can enable SQL and LDAP i...

9.1CVSS5.8AI score0.00016EPSS

Exploits0References1Affected Software2

SUSE CVE•added 2026/05/12 3:31 a.m.•6 views

SUSE CVE-2026-43291

In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b "net: nfc: nci: Add parameter validation for packet data" communication with nci nfc chips is not working any more. The mentioned commit tries to f...

8.3CVSS5.8AI score0.00034EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40024

Name of the Vulnerable Software and Affected Versions dovecot versions prior to 2.4.4-1.1 Description When the safe filter is used with variable expansion, subsequent pipelines on the same string are incorrectly treated as safe. This behavior allows unsafe data to be unescaped, which can lead to...

9.1CVSS5.8AI score0.00016EPSS

Exploits0References21

CNNVD•added 2026/05/12 12:0 a.m.•3 views

Open-Xchange OX Dovecot Pro 安全漏洞

Open-Xchange OX Dovecot Pro is a mail storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a security vulnerability. This vulnerability arises from the use of a security filter for variable expansion, where all subsequent pipes on the same strin...

9.1CVSS5.9AI score0.00016EPSS

CVE•added 2026/05/11 9:51 p.m.•6 views

CVE-2026-43901

Wireshark MCP (v1.1.5 and earlier) is affected by CVE-2026-43901: the wireshark_export_objects MCP tool accepts an attacker-controlled dest_dir and passes it to tshark --export-objects with no mandatory path restriction. The internal sandbox (_allowed_dirs) is None by default and only activated w...

6.8CVSS5.8AI score0.00041EPSS

Exploits1References1Affected Software1

RedhatCVE•added 2026/05/11 8:26 p.m.•6 views

CVE-2025-69599

RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to control the environment is a site-specific misconfiguration...

9.8CVSS5.8AI score0.00056EPSS

EUVD•added 2026/05/11 6:31 p.m.•7 views

EUVD-2026-29137

OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAXAPIHOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in Authorization headers...

EUVD•added 2026/05/11 6:31 p.m.•4 views

EUVD-2025-209770

A reflected cross-site scripted XSS vulnerability in the dfm-menualerts.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

7.3CVSS6AI score0.00031EPSS

EUVD•added 2026/05/11 6:31 p.m.•6 views

EUVD-2025-209763

A reflected cross-site scripted XSS vulnerability in the dfm-menufirmware.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

6.1CVSS6AI score0.00031EPSS

NVD•added 2026/05/11 6:16 p.m.•9 views

CVE-2026-44995

OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows attackers to execute arbitrary code. Malicious workspace configurations can pass dangerous startup variables like NODEOPTIONS, LDPRELOAD, or BASHENV to spawne...

7.3CVSS0.00012EPSS

NVD•added 2026/05/11 6:16 p.m.•7 views

CVE-2026-44992

5CVSS0.0001EPSS

Vulnrichment•added 2026/05/11 4:46 p.m.•4 views

CVE-2026-44992 OpenClaw 2026.4.5 through 2026.4.19 - MiniMax API Host Override via Workspace dotenv

CVE•added 2026/05/11 4:46 p.m.•9 views

CVE-2026-44992

OpenClaw 2026.4.5 (vulnerable prior to 2026.4.20) suffers an environment variable injection vulnerability where workspace dotenv can override MINIMAX_API_HOST. This enables an attacker to redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key found...

Exploits0References3Affected Software1

ATTACKERKB•added 2026/05/11 4:46 p.m.•2 views

CVE-2026-44992

Exploits0References4Affected Software1

NVD•added 2026/05/11 4:17 p.m.•6 views

CVE-2025-61311

7.3CVSS0.00031EPSS

RedhatCVE•added 2026/05/11 5:54 a.m.•4 views

CVE-2026-5081

A flaw was found in Apache::Session::Generate::ModUniqueId, a Perl module designed to generate session identifiers. This module uses the Apache moduniqueid plugin's UNIQUEID environment variable directly as a session ID. The UNIQUEID is constructed from easily guessable information, such as the...

9.1CVSS5.8AI score0.00038EPSS

Exploits0References5

Cvelist•added 2026/05/11 12:0 a.m.•27 views

CVE-2025-61309

A reflected cross-site scripted XSS vulnerability in the dfm-menudepartments.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

0.00031EPSS