253855 matches found
GHSA-QPGP-93VX-G8V8 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips...
CVE-2026-11837
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-10 06:00:45+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mnvzvhfhhz25 |
| 2026-06-10 06:00:51+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116724284473192022... |
MGASA-2026-0190 Updated golang-x-net packages fix security vulnerability
CVE-2024-45338 An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
MGASA-2026-0186 Updated libxpm packages fix security vulnerability
libXpm Out-of-bounds read in xpmNextWord. CVE-2026-4367...
CVE-2025-59382
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-10 05:02:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnvwmmlkfz2h... |
CVE-2025-66280
An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the...
EUVD-2025-210101
An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the...
CVE-2026-11645 vulnerabilities
Vulnerabilities for packages: chromium...
EUVD-2025-210095
QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version:...
CVE-2026-53675
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-10 01:32:00+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnvkuvwacd2m... |
CVE-2026-45782
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-10 01:07:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnvjj7zznp2v... |
CVE-2026-46517
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-10 00:53:59+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnviqw426o23 |
| 2026-06-10 02:00:32+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnvmhu5mqf2g |
| 2026-06-10 02:40:58+00:00 | seen | ... |
EUVD-2026-35919
ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser avrc_pars_vendor_cmd in components/bt/host/bluedroid/stack/avrc/avrc_pars_tg.c. This issue has been patched ...
CVE-2026-41728
Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0...
CVE-2026-40991
When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...
CVE-2026-41701
CVE-2026-41701 affects Spring AMQP (RabbitTemplate) where correlation IDs for replies on fixed reply queues are generated by an internal simple counter, making them predictable. This data from NVD/CVE listings confirms the issue affects multiple versions (2.4.0–2.4.17, 3.1.0–3.1.15, 3.2.0–3.2.10,...
EUVD-2026-35873
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trust_remote_code=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...
CVE-2026-46490
samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify's template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value (e.g., email, name) and add new elemen...
GHSA-46Q3-7GV7-QMGG Net::IMAP: Command Injection via ID command argument
Summary: Two Net::IMAP commands, `id` and `enable`, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon. Details: Whe...