CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/04/21 9:43 p.m.•3 views

CVE-2026-1354 Zero Motorcycles Firmware Key Exchange without Entity Authentication

6.4CVSS5.7AI score0.00134EPSS

EUVD•added 2026/04/21 9:31 p.m.•7 views

EUVD-2026-24439

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: GIS. Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

4.9CVSS5.7AI score0.00299EPSS

EUVD•added 2026/04/21 9:31 p.m.•4 views

EUVD-2026-24339

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials...

9.8CVSS5.8AI score0.00312EPSS

EUVD•added 2026/04/21 9:31 p.m.•5 views

EUVD-2026-24346

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.5CVSS5.7AI score0.00303EPSS

EUVD•added 2026/04/21 9:31 p.m.•6 views

EUVD-2026-24295

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

4.9CVSS5.7AI score0.00323EPSS

NVD•added 2026/04/21 9:16 p.m.•6 views

CVE-2026-35235

4.9CVSS0.00299EPSS

vulnersOsv•added 2026/04/21 8:39 p.m.•6 views

@chocolatey-software/astro (>=2.7.0 <=2.8.0), @kyro-cms/admin (=0.1.2) +9 more potentially affected by CVE-2026-41067 via astro (>=6.0.0-beta.1 <=6.1.5)

astro NPM version =6.0.0-beta.1, =2.7.0, =0.19.0, =0.19.0, =1.10.0, =1.0.0, =1.4.2, =0.0.1, =0.0.1, =0.0.7 Source cves: CVE-2026-41067 Source advisory: SNYK:JS-ASTRO-16119128...

6.1CVSS5.4AI score0.00189EPSS

Exploits1

Cvelist•added 2026/04/21 8:38 p.m.•34 views

CVE-2026-33519 Incorrect privilege assignment in Portal for ArcGIS

9.8CVSS0.00312EPSS

ATTACKERKB•added 2026/04/21 8:35 p.m.•8 views

CVE-2026-35235

4.9CVSS5.7AI score0.00299EPSS

Debian CVE•added 2026/04/21 8:35 p.m.•6 views

CVE-2026-35236

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.9CVSS7AI score0.00242EPSS

Exploits0

ATTACKERKB•added 2026/04/21 8:35 p.m.•12 views

CVE-2026-34303

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQ...

6.5CVSS5.7AI score0.00303EPSS

ATTACKERKB•added 2026/04/21 8:35 p.m.•4 views

CVE-2026-34293

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of th...

4.9CVSS5.7AI score0.00323EPSS

ATTACKERKB•added 2026/04/21 8:35 p.m.•9 views

CVE-2026-34267

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...

4.9CVSS5.7AI score0.00323EPSS

Vulnrichment•added 2026/04/21 8:30 p.m.•5 views

CVE-2026-6796 Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file

A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function loglogin of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext...

5.3CVSS5.5AI score0.00147EPSS

Exploits0References3

RedhatCVE•added 2026/04/21 7:23 p.m.•7 views

CVE-2026-41285

In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery ND option over a local network with length zero, because of an "ndoptlen 8 - 2" expression with no preceding check for whether ndoptlen is zero...

4.3CVSS5.8AI score0.00209EPSS

EUVD•added 2026/04/21 6:31 p.m.•4 views

EUVD-2026-24143

This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This RCE Remote Code Execution vulnerability, with a CVSS Score of 9.4 and a CVSS Vector of...

9.4CVSS6AI score0.0127EPSS

Exploits0References3

NVD•added 2026/04/21 6:16 p.m.•4 views

CVE-2026-40588

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at /profile/slug/edit/ does not include a currentpassword field and does not verify the user's existing password before accepting a new one. Any attacker who obtains a valid authenticated session —...

8.1CVSS0.00215EPSS