
6466 matches found

Nuclei | added 12 hours ago | 72 views

Base64 Encoder/Decoder <= 0.9.2 - Cross-Site Scripting

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2024-3822 info: name: Base64 Encoder/Decode...

CVSS 4.8 | AI score 5.4 | EPSS 0.00508
Exploits: 2 | References: 3

Nuclei | added yesterday | 10 views

Mesop AI Sandbox <= 1.2.2 - Remote Code Execution

Mesop <= 1.2.2 contains an unrestricted remote code execution caused by unauthenticated ingestion and execution of base64-encoded Python code in the /exec-py endpoint of the ai/testing module, letting attackers execute arbitrary commands on the host. Exploitation requires HTTP access to the server. id:...

CVSS 9.8 | AI score 6.6 | EPSS 0.12897
Exploits: 0 | References: 2

Tenable Nessus | added yesterday | 4 views

EulerOS Virtualization 2.12.1 : glib2 (EulerOS-SA-2026-2074)

According to the versions of the glib2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line...

CVSS 5.4 | AI score 5.8 | EPSS 0.0002
Exploits: 1 | References: 4

Tenable Nessus | added yesterday | 4 views

EulerOS Virtualization 2.13.0 : glib2 (EulerOS-SA-2026-2165)

According to the versions of the glib2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory...

CVSS 9.8 | AI score 6.5 | EPSS 0.0005
Exploits: 2 | References: 8

Tenable Nessus | added yesterday | 4 views

EulerOS Virtualization 2.12.0 : glib2 (EulerOS-SA-2026-2099)

According to the versions of the glib2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line...

CVSS 5.4 | AI score 5.8 | EPSS 0.0002
Exploits: 1 | References: 4

Tenable Nessus | added yesterday | 4 views

EulerOS Virtualization 2.13.1 : glib2 (EulerOS-SA-2026-2126)

According to the versions of the glib2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory...

CVSS 9.8 | AI score 6.5 | EPSS 0.0005
Exploits: 2 | References: 8

Tenable Nessus | added yesterday | 4 views

EulerOS Virtualization 2.10.0 : glib2 (EulerOS-SA-2026-2046)

According to the versions of the glib2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types...

CVSS 5.4 | AI score 5.8 | EPSS 0.0002
Exploits: 1 | References: 4

Tenable Nessus | added yesterday | 5 views

EulerOS Virtualization 2.10.1 : glib2 (EulerOS-SA-2026-2019)

According to the versions of the glib2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types...

CVSS 5.4 | AI score 5.8 | EPSS 0.0002
Exploits: 1 | References: 4

RedhatCVE | added 2 days ago | 5 views

CVE-2023-54344

Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in...

CVSS 9.8 | AI score 6.7 | EPSS 0.00217
Exploits: 0 | References: 1

RedhatCVE | added 2 days ago | 4 views

CVE-2026-49197

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...

CVSS 10 | AI score 5.5 | EPSS 0.00054
Exploits: 0 | References: 1

RedhatCVE | added 2 days ago | 5 views

CVE-2026-33121

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...

CVSS 8.8 | AI score 5.7 | EPSS 0.00039
Exploits: 1 | References: 1

RedhatCVE | added 2 days ago | 4 views

CVE-2026-42615

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

CVSS 7.2 | AI score 5.4 | EPSS 0.00014
Exploits: 0 | References: 1

RedhatCVE | added 2 days ago | 7 views

CVE-2019-25714

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

CVSS 9.3 | AI score 6 | EPSS 0.00853
Exploits: 0 | References: 1

CVE | added 2 days ago | 14 views

CVE-2026-46395

HAX CMS Node.js backend (before 26.0.0) exposes a critical cryptographic flaw in the hmacBase64() function. It uses a hardcoded signing key of the string "0" and then appends the real key (this.privateKey + this.salt) to the output, producing tokens that reveal the private key when decoded. An un...

CVSS 9.3 | AI score 5.9 | EPSS 0.00037
Exploits: 0 | References: 1

ATTACKERKB | added 2 days ago | 5 views

CVE-2026-46395

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...

CVSS 9.3 | AI score 5.9 | EPSS 0.00037
Exploits: 0 | References: 2 | Affected Software: 1

EUVD | added 2 days ago | 5 views

EUVD-2026-34886

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...

CVSS 9.3 | AI score 5.9 | EPSS 0.00037
Exploits: 0 | References: 1

Vulnrichment | added 4 days ago | 5 views

CVE-2026-10771 crmeb crmeb_java base64 Qrcode Endpoint RestTemplateUtil.java RestTemplate.getForEntity server-side request forgery

A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request...

CVSS 7.5 | AI score 5.5 | EPSS 0.00045
Exploits: 0 | References: 6

Metasploit | added 4 days ago | 62 views

Gogs Git Rebase Argument Injection RCE

This module exploits an argument injection vulnerability in the pull request merge flow of Gogs is parsed by Git as the --exec flag rather than a positional argument, causing sh -c to run after each replayed commit during the rebase. Two exploitation methods are supported: - ownrepo: The attacker...

AI score 5.9
Exploits: 0

NVD | added 4 days ago | 10 views

CVE-2026-36610

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...

CVSS 5.9 | EPSS 0.00019
Exploits: 0 | References: 1

Vulnrichment | added 4 days ago | 7 views

CVE-2026-36610

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...

AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 1