CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

74 matches found

Linux Distros Unpatched Vulnerability : CVE-2026-44681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's...

6.1CVSS5.9AI score0.0004EPSS

Exploits1References3

OSV•added 2026/05/27 8:16 p.m.•6 views

DEBIAN-CVE-2026-44681

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...

6.1CVSS5.8AI score0.0004EPSS

Exploits1References1

PyPA•added 2026/05/27 8:16 p.m.•6 views

PYSEC-2026-188

6.1CVSS5.8AI score0.0004EPSS

Exploits1References1Affected Software1

PyPA•added 2026/05/27 8:16 p.m.•5 views

PYSEC-0000-CVE-2026-44681

6.1CVSS5.8AI score0.0004EPSS

Exploits1References1Affected Software1

NVD•added 2026/05/27 8:16 p.m.•7 views

CVE-2026-44681

6.1CVSS0.0004EPSS

Exploits1References1

OSV•added 2026/05/27 8:16 p.m.•7 views

UBUNTU-CVE-2026-44681

6.1CVSS5.8AI score0.0004EPSS

Exploits1References3

ATTACKERKB•added 2026/05/27 7:20 p.m.•5 views

CVE-2026-44681

6.1CVSS5.8AI score0.0004EPSS

Exploits1References2Affected Software1

Snyk•added 2026/05/13 1:36 a.m.•8 views

Incorrect Authorization

Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Incorrect Authorization via the validateauthorizationrequest function. An attacker can cause the server to redirect users to arbitrary URLs by submitting a crafted...

6.1CVSS5.9AI score0.0004EPSS

Exploits1References3

NCSC•added 2025/12/31 2:29 p.m.•7 views

Vulnerability fixed in Roundcube Webmail

Roundcube has fixed a vulnerability in Roundcube Webmail. An unauthenticated malicious party can exploit the vulnerability to perform a cross-site scripting attack. The malicious party can thus execute JavaScript code in a user's browser and take over a user's account, for example. To do this, th...

7.2CVSS6.5AI score0.06858EPSS

Exploits1References1

Fedora•added 2025/12/25 1:8 a.m.•7 views

[SECURITY] Fedora 42 Update: roundcubemail-1.6.12-1.fc42

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

7.5CVSS7AI score0.06858EPSS

Exploits1

Fedora•added 2025/12/25 12:53 a.m.•8 views

[SECURITY] Fedora 43 Update: roundcubemail-1.6.12-1.fc43

7.5CVSS7AI score0.06858EPSS

Exploits1

Tenable Nessus•added 2025/12/25 12:0 a.m.•4 views

Fedora 42 : roundcubemail (2025-fec36f9eaf)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-fec36f9eaf advisory. Release 1.6.12 - Support IPv6 in database DSN 9937 - Don't force specific errorreporting setting - Fix compatibility with PHP 8.5 regarding arrayfir...

7.5CVSS6AI score0.06858EPSS

Exploits1References3