742 matches found

RedhatCVE
added yesterday, 1 view

CVE-2026-40102

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

CVSS 6.5, AI score 5.4, EPSS 0.00037
Exploits: 1, References: 1

RedhatCVE
added yesterday, 2 views

CVE-2026-39555

Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1...

CVSS 8.1, AI score 5.4, EPSS 0.00041
Exploits: 0, References: 1

Fedora
added yesterday, 6 views

[SECURITY] Fedora 44 Update: rust-sequoia-sq-1.3.1-12.fc44

Command-line frontends for Sequoia...

AI score 5.8
Exploits: 0

Cvelist
added 2 days ago, 30 views

CVE-2026-38570

bacnetstack 1.3.1 contains an Out-of-bounds Read in bacnettagnumberdecode which allows attackers to cause a denial of service...

EPSS 0.00018
Exploits: 0, References: 2

EUVD
added 2 days ago, 4 views

EUVD-2026-34310

bacnetstack 1.3.1 contains an Out-of-bounds Read in bacnettagnumberdecode which allows attackers to cause a denial of service...

AI score 5.8, EPSS 0.00018
Exploits: 0, References: 2

RedhatCVE
added 3 days ago, 6 views

CVE-2026-38967

CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values...

CVSS 9.8, AI score 5.8, EPSS 0.00048
Exploits: 0, References: 1

NVD
added 4 days ago, 9 views

CVE-2026-38967

CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values...

CVSS 9.8, EPSS 0.00048
Exploits: 0, References: 2

NVD
added 4 days ago, 8 views

CVE-2026-39555

Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1...

CVSS 8.1, EPSS 0.00041
Exploits: 0, References: 1

Positive Technologies
added 4 days ago, 7 views

PT-2026-45831

CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values...

AI score 5.8, EPSS 0.00048
Exploits: 0, References: 3

Cvelist
added 4 days ago, 26 views

CVE-2026-38967

CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values...

EPSS 0.00048
Exploits: 0, References: 2

CVE
added 4 days ago, 10 views

CVE-2026-38967

CVE-2026-38967 affects CrowCpp Crow through v1.3.1 HTTP and is caused by unvalidated response header values, leading to response header injection. The vulnerability has a CVSS v3.1 score of 9.8 (CRITICAL) with network attack vector, no user interaction, and impacts on confidentiality, integrity, ...

CVSS 9.8, AI score 5.8, EPSS 0.00048
Exploits: 0, References: 2

Nuclei
added 5 days ago, 8 views

OpenMetaData - SpEL Injection in PUT /api/v1/policies

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...

CVSS 9.4, AI score 7.4, EPSS 0.92915
Exploits: 0, References: 5

EUVD
added 2026/05/27 9:49 a.m., 10 views

EUVD-2026-32184

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS. This issue affects WPCS: from n/a through <= 1.3.1...

CVSS 7.1, AI score 5.8, EPSS 0.00036
Exploits: 0, References: 1

CVE
added 2026/05/27 8:32 a.m., 7 views

CVE-2025-10466

CVE-2025-10466 affects Synology Safe Access in SRM, with the issue arising from improper input neutralization during web page generation (XSS). Affected product/version: Safe Access before 1.3.1-0329. Impact described: remote authenticated administrators can read or write specific files containin...

CVSS 5.9, AI score 5.8, EPSS 0.00037
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/05/27 5:31 a.m., 26 views

CVE-2026-8941 CDN Linker lite <= 1.3.1 - Cross-Site Request Forgery to Plugin Settings Update

The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdloffoptions function. This makes it possible for unauthenticated attackers to update the plugin's settings ...

CVSS 4.3, EPSS 0.00013
Exploits: 0, References: 3

ATTACKERKB
added 2026/05/27 5:31 a.m., 6 views

CVE-2026-8941

The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdloffoptions function. This makes it possible for unauthenticated attackers to update the plugin's settings ...

CVSS 4.3, AI score 5.7, EPSS 0.00013
Exploits: 0, References: 4

CVE
added 2026/05/27 5:31 a.m., 9 views

CVE-2026-8941

The CVE concerns the WordPress plugin CDN Linker lite (

CVSS 4.3, AI score 5.7, EPSS 0.00013
Exploits: 0, References: 3

Positive Technologies
added 2026/05/27 12:0 a.m., 10 views

PT-2026-43536

The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdl off options function. This makes it possible for unauthenticated attackers to update the plugin's setting...

CVSS 4.3, AI score 5.7, EPSS 0.00013
Exploits: 0, References: 5

Patchstack
added 2026/05/26 5:23 p.m., 5 views

WordPress CDN Linker lite plugin <= 1.3.1 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin CDN Linker lite versions <= 1.3.1...

CVSS 4.3, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2026/05/25 7:18 p.m., 4 views

WordPress WPCS plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by hhhai in WordPress Plugin WPCS versions <= 1.3.1...

CVSS 7.1, AI score 5.8, EPSS 0.00036
Exploits: 0, Affected Software: 1