CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/06/12 2:16 a.m.•13 views

CVE-2026-20746

PingDirectory (Ping Identity) is affected; copying virtual attributes that reference ds-privilege-name values can exhaust the Java heap when recent login history is enabled. The root cause is in virtual attribute handling within affected PingDirectory versions, enabling only authorized users to t...

6.3CVSS5.5AI score0.00278EPSS

EUVD•added 2026/06/12 2:16 a.m.•7 views

EUVD-2026-36374

6.3CVSS5.5AI score0.00278EPSS

Positive Technologies•added 2026/06/12 12:0 a.m.•10 views

PT-2026-48882

Name of the Vulnerable Software and Affected Versions Amasty Order Attributes for Magento 2 versions prior to 4.0.0 Description An unauthenticated arbitrary file upload issue allows attackers to write files of any type or name to the store's media directory. This occurs because the upload endpoin...

9.8CVSS6.1AI score0.00788EPSS

Exploits0References8

Positive Technologies•added 2026/06/12 12:0 a.m.•12 views

PT-2026-48990

Name of the Vulnerable Software and Affected Versions sanitize-html versions prior to 2.17.5 Description The software uses the allowedSchemesAppliedToAttributes variable to control the naughtyHref function, which is designed to block dangerous URI schemes such as javascript: and vbscript:. Howeve...

5.4CVSS5.2AI score0.00136EPSS

Positive Technologies•added 2026/06/12 12:0 a.m.•12 views

PT-2026-48819

6.3CVSS5.5AI score0.00278EPSS

Exploits0References4

Positive Technologies•added 2026/06/12 12:0 a.m.•10 views

PT-2026-48973

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description Multiple mass assignment issues exist in the handling of collections, tag collections, event delegations, and shadow attributes. Certain controller actions accept user-supplied fields that shoul...

8.8CVSS5.3AI score0.00262EPSS

Exploits0References4

Positive Technologies•added 2026/06/12 12:0 a.m.•8 views

PT-2026-49007

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An authorization flaw exists in the object add/edit handling. An authenticated user with object editing permissions can assign a MISP object, or attributes within an object, to a sharing group...

5.3CVSS5.3AI score0.0022EPSS

Tenable Nessus•added 2026/06/12 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-46625

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js- cookie's internal assign helper copies properties with...

7.5CVSS5.3AI score0.00362EPSS

OSV•added 2026/06/11 12:21 p.m.•3 views

SUSE-SU-2026:2368-1 Security update for strongswan

This update for strongswan fixes the following issues - CVE-2026-35328: infinite loop when handling supported versions TLS extension bsc1261712. - CVE-2026-35329: null pointer dereference when processing padding in PKCS7 bsc1261717. - CVE-2026-35330: integer underflow when handling EAP-SIM/AKA...

5.4AI score

Exploits6References17

RedHat Linux•added 2026/06/11 6:28 a.m.•8 views

rsync: Rsync: Use-after-free vulnerability in extended attribute handling

A flaw was found in rsync. When rsync is configured to handle extended attributes using the -X or --xattrs option, a remote attacker can exploit a use-after-free vulnerability. This occurs because the receivexattr function incorrectly processes an untrusted length value during a sorting operation...

RedHat Linux•added 2026/06/11 2:46 a.m.•6 views

rsync: Rsync: Use-after-free vulnerability in extended attribute handling

RedHat Linux•added 2026/06/11 2:46 a.m.•7 views

Important: Red Hat Security Advisory: rsync security update

An update for rsync is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RedHat Linux•added 2026/06/11 2:23 a.m.•7 views

rsync: Rsync: Use-after-free vulnerability in extended attribute handling

RedHat Linux•added 2026/06/11 2:23 a.m.•5 views

Important: Red Hat Security Advisory: rsync security update

An update for rsync is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RedHat Linux•added 2026/06/11 1:41 a.m.•3 views

rsync: Rsync: Use-after-free vulnerability in extended attribute handling

RedHat Linux•added 2026/06/11 1:41 a.m.•6 views

Important: Red Hat Security Advisory: rsync security update

An update for rsync is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

EUVD•added 2026/06/11 12:32 a.m.•6 views

EUVD-2026-36143

Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser...

5.4CVSS5.5AI score0.00141EPSS

RedHat Linux•added 2026/06/11 12:23 a.m.•6 views

Important: Red Hat Security Advisory: rsync security update

An update for rsync is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste...

RedHat Linux•added 2026/06/11 12:23 a.m.•5 views

rsync: Rsync: Use-after-free vulnerability in extended attribute handling