
309 matches found

GitHub Security Blog
added 2026/06/15 8:9 p.m. | 6 views

aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines

Summary: It is possible to bypass the max_line_size check in parts of an HTTP request in the C parser. Impact: If using the optimised C parser (the default in pre-built wheels), then an attacker may be able to send oversized lines through the HTTP parser and use an excessive amount of memory, potential...

8.7 CVSS | 5.4 AI score | 0.00024 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Packet Storm News
added 2026/06/11 12:0 a.m. | 5 views

Joern 4.0.556

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.3 AI score
Exploits: 0
Fedora
added 2026/06/05 4:26 a.m. | 9 views

[SECURITY] Fedora 44 Update: perl-ExtUtils-Builder-Compiler-0.036-1.fc44

This is an interface wrapping around different compilers. It's usually not used directly but by a portability layer like ExtUtils::Builder::Autodetect::C...

5.3 CVSS | 5.8 AI score | 0.00327 EPSS
Exploits: 0
Packet Storm News
added 2026/06/04 12:0 a.m. | 4 views

Joern 4.0.554

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9 AI score
Exploits: 0
OSV
added 2026/06/01 12:0 p.m. | 6 views

RUSTSEC-2026-0156 Bad-free in `MetaCallException::new`

exceptionstruct is a local stack variable, but the code passes its address to the C language as &mut exceptionstruct as mut as mut cvoid. Then, the returned MetaCallException value is stored here: rust OkSelf exceptionstruct: Arc::newexceptionstruct, value: exceptionptr, leak: false, Because leak...

5.8 AI score
Exploits: 0 | References: 3
Packet Storm News
added 2026/06/01 12:0 a.m. | 12 views

Poking around in the Dark: Why a Shared Understanding of Components Matters

By listing the components included in an application, Software Bills of Materials (SBOMs) are intended to support the timely identification of vulnerable components and ensure the security of the software supply chain. However, we question the underlying assumption that there is agreement on the...

5.8 AI score
Exploits: 0
Fedora
added 2026/05/27 1:27 a.m. | 8 views

[SECURITY] Fedora 43 Update: uriparser-1.0.2-1.fc43

Uriparser is a strictly RFC 3986 compliant URI parsing library written in C. uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license...

5.1 CVSS | 5.8 AI score | 0.00172 EPSS
Exploits: 0
Packet Storm News
added 2026/05/27 12:0 a.m. | 10 views

Joern 4.0.548

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9 AI score
Exploits: 0
Packet Storm News
added 2026/05/22 12:0 a.m. | 8 views

Joern 4.0.546

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9 AI score
Exploits: 0
Packet Storm News
added 2026/05/22 12:0 a.m. | 9 views

An Empirical Evaluation of LLM-Generated Code Security across Prompting Methods

The growing use of Large Language Models (LLMs) for automated code generation has enhanced software development efficiency, but often at the cost of security. Generated code frequently overlooks critical concerns, leaving it vulnerable to issues such as weak encryption and improper input validation...

5.9 AI score
Exploits: 0
Fedora
added 2026/05/21 1:28 a.m. | 8 views

[SECURITY] Fedora 43 Update: mingw-expat-2.8.1-1.fc43

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

7.5 CVSS | 5.8 AI score | 0.00379 EPSS
Exploits: 0
CVE
added 2026/05/20 3:55 p.m. | 18 views

CVE-2026-9100

The CVE-2026-9100 entry affects the MongoDB C Driver’s legacy GridFS API. The issue arises when reading GridFS metadata with the legacy API, where malformed metadata from the database can trigger a crash (division-by-zero) or an out-of-bounds read that leaks process memory. Reports in connected r...

6 CVSS | 5.8 AI score | 0.00281 EPSS
Exploits: 0 | References: 1
Packet Storm News
added 2026/05/19 12:0 a.m. | 17 views

Joern 4.0.542

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9 AI score
Exploits: 0
CNNVD
added 2026/05/19 12:0 a.m. | 8 views

GoHTTP Path Traversal Vulnerability

GoHTTP is a web server written in the C language by the individual developer itang. Version 34ea51 of GoHTTP has a path traversal vulnerability, which allows attackers to perform directory traversal by submitting specially crafted requests...

7.3 CVSS | 5.8 AI score | 0.00523 EPSS
Exploits: 0 | References: 1
Packet Storm News
added 2026/05/18 12:0 a.m. | 9 views

Joern 4.0.540

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9 AI score
Exploits: 0
Packet Storm News
added 2026/05/13 12:0 a.m. | 9 views

Joern 4.0.538

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9 AI score
Exploits: 0
Packet Storm News
added 2026/05/12 12:0 a.m. | 11 views

Joern 4.0.537

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9 AI score
Exploits: 0
CNNVD
added 2026/05/11 12:0 a.m. | 6 views

Open5GS Security Vulnerability

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities originate from the ogsnnrfnfmhandlenfprofile function in the...

6.5 CVSS | 5.8 AI score | 0.00378 EPSS
Exploits: 1 | References: 1
CNNVD
added 2026/05/08 12:0 a.m. | 7 views

Open5GS Security Vulnerability

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the function ogssbiparseplmnlist in the component NSSF’s...

6.5 CVSS | 5.8 AI score | 0.00382 EPSS
Exploits: 1 | References: 1
Packet Storm News
added 2026/05/06 12:0 a.m. | 2 views

Joern 4.0.534

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9 AI score
Exploits: 0