CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/06/10 12:0 a.m.•9 views

PT-2026-48476

Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-284 Improper Access Control Summary HULUMI-H1 forbids raw aws:s3:Bucket outside of Hulumi's SecureBucket component, with one exemption: a raw bucket that's a child of a SecureBucket is allowed because the component is...

8.5CVSS5.4AI score0.00039EPSS

RedhatCVE•added 2026/06/05 7:40 p.m.•6 views

CVE-2026-7590

A vulnerability was identified in eyal-gor p69branchmonkeymcp up to 69bc71874ce40050ef45fde5a435855f18af3373. The affected element is an unknown function of the file branchmonkeymcp/bridgeandlocalactions/routes/advanced.py of the component Preview Endpoint. Such manipulation of the argument...

7.5CVSS7AI score0.01366EPSS

OSV•added 2026/06/05 4:42 p.m.•5 views

GHSA-RM5C-5X2P-48WR Klever-Go KVM: Unauthenticated remote node crash (nil-pointer DoS) in klever-go P2P transaction interceptor (txVersionChecker nil RawData) - potential chain halt

Summary Every transaction gossiped on the klever-go P2P network is decoded and validated synchronously inside the libp2p pubsub topic-validator callback. The validator txVersionChecker.CheckTxVersion dereferences tx.RawData.Version with no nil check. A protobuf Transaction whose embedded RawData...

7.5CVSS5.5AI score0.00058EPSS

Exploits0References3

Cvelist•added 2026/06/05 2:30 p.m.•34 views

CVE-2026-11335 tittuvarghese CollegeManagementSystem login-form.php session_start session fixiation

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function sessionstart of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiation...

7.5CVSS0.00232EPSS

EUVD•added 2026/06/05 2:30 p.m.•8 views

EUVD-2026-34842

7.5CVSS5.2AI score0.00232EPSS

CVE•added 2026/06/05 2:30 p.m.•14 views

CVE-2026-11335

The CVE-2026-11335 affects the tittuvarghese CollegeManagementSystem (login-form.php) where the session_start function can be manipulated via UserAuthData, enabling remote session fixation. The flaw is exploitable without user privileges and is evidenced by published exploits; the project reporte...

7.5CVSS6.2AI score0.00232EPSS

Positive Technologies•added 2026/06/05 12:0 a.m.•10 views

PT-2026-46961

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function session start of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiatio...

7.5CVSS6.2AI score0.00232EPSS

Exploits0References7

CVE•added 2026/06/04 3:30 p.m.•13 views

CVE-2026-10815

The CVE-2026-10815 entry concerns LakshayD02’s Hostel-Management-System-PHP (up to commit f87e67c283bab6f718faf2fec6ae39a13bd7036b). The vulnerability affects the Admin Dashboard Page, specifically the hostel/index.php component, where manipulating the argument ID results in missing authorization...

6.5CVSS6.2AI score0.00209EPSS

RedhatCVE•added 2026/06/02 4:3 a.m.•12 views

CVE-2026-10169

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajaxforgotpassword of the file application/controllers/Login.php of the component Forgot Password Endpoint. The...

EUVD•added 2026/06/01 4:30 p.m.•9 views

EUVD-2026-33670

A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the component Axios Request Flow. Executing a manipulation of the argument assetPath can lead to server-si...

6.5CVSS6.3AI score0.00209EPSS

EUVD•added 2026/05/31 4:45 a.m.•13 views

EUVD-2026-33489

ATTACKERKB•added 2026/05/31 4:45 a.m.•10 views

Exploits0References4

CVE-2026-10169

Positive Technologies•added 2026/05/31 12:0 a.m.•12 views

Exploits0References4

PT-2026-45172

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajax forgot password of the file application/controllers/Login.php of the component Forgot Password Endpoint. Th...

CNNVD•added 2026/05/27 12:0 a.m.•7 views

Jenkins Active Directory Plugin 安全漏洞

The Jenkins Active Directory Plugin is an identity integration plugin developed under the open-source project of Jenkins. Versions of the Jenkins Active Directory Plugin prior to 2.41 contained security vulnerabilities, which stemmed from the default behavior of following LDAP references...

6.6CVSS5.8AI score0.00232EPSS

NVD•added 2026/05/25 5:16 p.m.•16 views

CVE-2026-9472

A flaw has been found in dazeb markdown-downloader up to 3d4394b34b6c99d81af817623af55e3384df5a6a. Affected is the function downloadmarkdown/listdownloadedfiles/createsubdirectory of the file src/index.ts. Executing a manipulation can lead to path traversal. The attack can be launched remotely. T...

6.5CVSS0.00337EPSS

NVD•added 2026/05/25 11:16 a.m.•20 views

CVE-2026-9452

A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this issue is the function ExecTool.execute of the file /src/tools/exec.ts. Such manipulation leads to os command injection. The attack can be launched remotely. The...

7.5CVSS0.01385EPSS

Cvelist•added 2026/05/25 11:0 a.m.•39 views

CVE-2026-9452 FoundDream miniclawd exec.ts ExecTool.execute os command injection

7.5CVSS0.01385EPSS