Oban Web Security Vulnerability
Oban Web is an embedded real-time backend task monitoring dashboard developed under the Oban Framework open source project. Versions of Oban Web from 2.12.0 to 2.12.5 contained a security vulnerability. This vulnerability originated from the Elixir.Oban.Web.Jobs.DetailComponent module, where the...
Apache Log4j 2.12.0 < 2.25.4 SSL Hostname Verification Bypass (CVE-2026-34477)
The version of Apache Log4j on the remote host is 2.12.0 through 2.25.3. It is, therefore, affected by a vulnerability: - The verifyHostName configuration attribute of the Ssl element was silently ignored in all versions through 2.25.3, leaving TLS connections vulnerable to interception via...
africa.shuwari.sbt:sbt-js_2.12_1.0 (>=0.14.1 <=0.16.1), africa.shuwari.sbt:sbt-netbeans_2.12_1.0 (>=0.1.0 <=0.1.1) +19147 more potentially affected by CVE-2026-34477 via org.apache.logging.log4j:log4j-core (>=2.12.0 <=2.25.3)
org.apache.logging.log4j:log4j-core MAVEN version =2.12.0, =0.14.1, =0.1.0, =0.9.6, =0.12.0, =0.9.6, =0.9.6, =0.9.6, =0.9.6, =0.14.1, =0.9.6, =0.14.1, =4.4.0.1, =1.4.6, =1.4.6, =1.4.8 and more Source cves: CVE-2026-34477 Source advisory: OSV:GHSA-6HG6-V5C8-FPHQ...
OPENSUSE-SU-2026:10496-1 git-cliff-2.12.0-1.1 on GA media
These are all security issues fixed in the git-cliff-2.12.0-1.1 package on the GA media of openSUSE Tumbleweed...
Security Bulletin: IBM Content Navigator is affected by Apache Xerces2
Summary IBM Content Navigator is affected by multiple vulnerabilities in the Apache Xerces2 Java XML parser library. CVE-2009-2625 and CVE-2022-23437 describe infinite loop conditions triggered by malformed XML input, leading to application hang or denial of service. CVE-2012-0881 allows CPU...
EulerOS Virtualization 2.12.0 : util-linux (EulerOS-SA-2026-1525)
According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifical...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2026-1480)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.12.0 : perl (EulerOS-SA-2026-1509)
According to the versions of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open ...
Huawei EulerOS: Security Advisory for openjpeg2 (EulerOS-SA-2026-1505)
The remote host is missing an update for the Huawei EulerOS...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper validation of the crit header parameter. An attacker can bypass critical header checks by crafting a JSON Web Signature JWS token with unrecognized critical extensions. Po...
CVE-2026-32597
PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting...
CVE-2026-24656
Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...
GHSA-JMW5-58C7-587H Apache Karaf Decanter has Deserialization of Untrusted Data in its Log Socket Collector
Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter Log Socket Collector exposes port 4560 without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. The Log Socket Collector is vulnerable to deserialization of...
CVE-2026-24656
Concretely, CVE-2026-24656 affects Apache Karaf Decanter before 2.12.0, specifically the Decanter log socket collector that exposes port 4560 without authentication. If the collector exposes the allowed-classes property, this configuration can be bypassed, allowing deserialization of untrusted da...
CVE-2026-24656 Apache Karaf: Decanter log-socket collector has deserialization vulnerability
Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...
EUVD-2026-4680
Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...
CVE-2025-68883
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extremeidea bidorbuy Store Integrator bidorbuystoreintegrator allows Reflected XSS. This issue affects bidorbuy Store Integrator: from n/a through = 2.12.0...