CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/06/03 12:0 a.m.•10 views

PT-2026-46127

7.1CVSS5.8AI score0.00041EPSS

Tenable Nessus•added 2026/06/03 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-5422

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the getospath function within...

8.1CVSS6.7AI score0.00044EPSS

Exploits1References3

Positive Technologies•added 2026/06/03 12:0 a.m.•9 views

PT-2026-46122

Name of the Vulnerable Software and Affected Versions Docling versions prior to 2.91.0 Description The LaTeX backend fails to validate path containment when handling the includegraphics, input, and include commands. This allows attackers to use path traversal sequences, such as ../../../etc/passw...

5.5CVSS5.9AI score0.00012EPSS

Positive Technologies•added 2026/06/03 12:0 a.m.•11 views

PT-2026-46088

Summary The HTTP server in browserstack-runner serves files from the project directory via the default handler. This handler uses path.joinprocess.cwd, uri to resolve file paths but does not validate that the resulting path stays within the project root. Combined with the server binding on 0.0.0....

7.1CVSS6AI score0.00031EPSS

Positive Technologies•added 2026/06/03 12:0 a.m.•8 views

PT-2026-45951

Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description The unicodedata.normalize function can consume excessive CPU time when processing specially crafted Unicode input. This occurs when the input contains long sequences of combining characters wi...

6.3CVSS5.4AI score0.00065EPSS

Exploits0References16

RedhatCVE•added 2026/06/02 10:3 p.m.•11 views

CVE-2026-40861

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

6.5CVSS5.9AI score0.00103EPSS

Exploits0References1

NVD•added 2026/06/02 8:16 p.m.•9 views

CVE-2026-48596

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.addcontenttypeparam/2. Tesla.Multipart.addcontenttypeparam/2 appends caller-supplied strings to the multipart...

2.1CVSS0.00028EPSS

CVE•added 2026/06/02 7:9 p.m.•12 views

CVE-2026-48596

Summary: CVE-2026-48596 affects the Elixir Tesla library (tesla) in its multipart handling. The vulnerability is in Tesla.Multipart.add_content_type_param/2, which appends caller-supplied strings to content_type_params without validating CR (\r) or LF (\n). Tesla.Multipart.headers/1 then joins th...

OSV•added 2026/06/02 7:9 p.m.•8 views

EEF-CVE-2026-48596 CRLF injection in Tesla.Multipart.add_content_type_param/2 allows HTTP header injection

Summary Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.addcontenttypeparam/2. Tesla.Multipart.addcontenttypeparam/2 appends caller-supplied strings to the multipart...

ATTACKERKB•added 2026/06/02 7:9 p.m.•7 views

CVE-2026-48596

Exploits0References5Affected Software1

Cvelist•added 2026/06/02 7:9 p.m.•30 views

CVE-2026-48596 CRLF injection in Tesla.Multipart.add_content_type_param/2 allows HTTP header injection

2.1CVSS0.00028EPSS

EUVD•added 2026/06/02 7:9 p.m.•7 views

EUVD-2026-34016

Vulnrichment•added 2026/06/02 7:9 p.m.•4 views

CVE-2026-48596 CRLF injection in Tesla.Multipart.add_content_type_param/2 allows HTTP header injection

The Hacker News•added 2026/06/02 6:21 p.m.•17 views

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR,...

8.8CVSS6.5AI score0.11605EPSS

Exploits34

RedHat Linux•added 2026/06/02 5:41 p.m.•6 views

org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames

A flaw was found in Apache Log4j Core. This vulnerability allows for log injection through the use of Carriage Return Line Feed CRLF sequences. This occurs because security-related configuration attributes were silently renamed, impacting users who directly configure Rfc5424Layout with stream-bas...

7.5CVSS6.6AI score0.00034EPSS

Exploits0References9

RedHat Linux•added 2026/06/02 5:41 p.m.•10 views

Important: Red Hat Security Advisory: Red Hat Data Grid 8.6.1 security update

An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

10CVSS7AI score0.00065EPSS

Exploits6References14

NVD•added 2026/06/02 4:16 p.m.•11 views

CVE-2026-48861

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the HTTP/1...

2.1CVSS0.00028EPSS