623 matches found

RustSec
added 10 hours ago, 3 views

surf is unmaintained

The surf crate is unmaintained, and all versions are affected. For alternatives, consider using reqwest or ureq. See this issue for more context...

AI score 5.8
Exploits: 0
RustSec
added 10 hours ago, 2 views

tide is unmaintained

The tide crate is unmaintained, and all versions are affected. The closest maintained alternative might be trillium. See this issue for more context...

AI score 5.8
Exploits: 0
Positive Technologies
added 6 days ago, 6 views

PT-2026-44910

Vulnerability Disclosure: Full Man-in-the-Middle via Prototype Pollution Gadget in config.proxy. Summary: The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full...

CVSS 8.7, AI score 5.8
Exploits: 0, References: 4
FreeBSD Advisory
added 2026/05/20 12:00 a.m., 4 views

FreeBSD-SA-26:20.fusefs

FreeBSD-SA-26:20.fusefs Security Advisory, The FreeBSD Project. Topic: Heap overflow in FUSELISTXATTR; Category: core; Module: fusefs; Announced: 2026-05-20; Credits: Joshua...

CVSS 5.5, AI score 6, EPSS 0.00048
Exploits: 0
Snyk
added 2026/05/14 2:22 p.m., 6 views

Malicious Package

Overview: knot-activesupport-logger is a malicious package. This package is part of a malicious cluster of Ruby gems published by the threat actor knot-theory. Designed to impersonate legitimate utilities, it executes a payload upon installation that harvests environment variables, SSH keys, AWS...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2
Snyk
added 2026/05/14 2:22 p.m., 5 views

Malicious Package

Overview: knot-simple-formatter is a malicious package. This package is part of a malicious cluster of Ruby gems published by the threat actor knot-theory. Designed to impersonate legitimate utilities, it executes a payload upon installation that harvests environment variables, SSH keys, AWS...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2
Debian CVE
added 2026/05/14 5:34 a.m., 2 views

CVE-2026-6063

Removed by vendor...

CVSS 4.3, AI score 5.8, EPSS 0.00011
Exploits: 0
Debian CVE
added 2026/05/14 5:34 a.m., 4 views

CVE-2026-6073

Removed by vendor...

CVSS 8.7, AI score 5.8, EPSS 0.00061
Exploits: 0
Debian CVE
added 2026/05/14 5:33 a.m., 3 views

CVE-2026-6883

Removed by vendor...

CVSS 4.3, AI score 5.8, EPSS 0.00012
Exploits: 0
Debian CVE
added 2026/05/14 5:33 a.m., 4 views

CVE-2026-7481

Removed by vendor...

CVSS 8.7, AI score 5.8, EPSS 0.00039
Exploits: 0
Debian CVE
added 2026/05/14 5:33 a.m., 4 views

CVE-2026-8144

Removed by vendor...

CVSS 4.3, AI score 5.8, EPSS 0.00013
Exploits: 0
NVD
added 2026/05/12 10:16 a.m., 8 views

CVE-2026-5029

A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and...

CVSS 8.7, EPSS 0.00093
Exploits: 0, References: 1
CNNVD
added 2026/05/01 12:00 a.m., 4 views

Oracle Linux Buffer Error Vulnerability

Oracle Linux is an open and complete operating environment from Oracle Corporation that provides virtualization, management and cloud-native computing tools, and operating systems. A buffer error vulnerability exists in Oracle Linux that stems from the ELF parser failing to perform bounds checkin...

CVSS 4.4, AI score 5.9, EPSS 0.00018
Exploits: 0, References: 1
OSV
added 2026/04/30 6:30 a.m., 1 view

GHSA-QP2C-XQV6-PHH6 django-mdeditor is Missing Authentication for Critical Function

All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...

CVSS 7.1, AI score 6.3, EPSS 0.00129
Exploits: 0, References: 7
Cvelist
added 2026/04/29 5:18 p.m., 23 views

CVE-2026-5712 IdentityIQ Role Editor Incorrect Authorization Vulnerability

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing...

CVSS 8, EPSS 0.00044
Exploits: 0, References: 1
UbuntuCve
added 2026/04/22 5:16 p.m., 0 views

CVE-2025-6016

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service due to insufficient resource allocation limits when retrieving notes under certain...

CVSS 6.5, AI score 5.8, EPSS 0.00032
Exploits: 0, References: 1
OSV
added 2026/04/22 5:16 p.m., 0 views

UBUNTU-CVE-2025-6016

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service due to insufficient resource allocation limits when retrieving notes under certain...

CVSS 6.5, AI score 5.8, EPSS 0.00032
Exploits: 0, References: 2
UbuntuCve
added 2026/04/22 5:16 p.m., 2 views

CVE-2025-3922

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service by overwhelming system resources under certain conditions due to insufficient...

CVSS 6.5, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 1
Debian CVE
added 2026/04/22 4:29 p.m., 1 view

CVE-2026-4922

Removed by vendor...

CVSS 8.1, AI score 5.8, EPSS 0.0001
Exploits: 0
Debian CVE
added 2026/04/22 4:05 p.m., 4 views

CVE-2025-6016

Removed by vendor...

CVSS 6.5, AI score 5.8, EPSS 0.00032
Exploits: 0