CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

90 matches found

Positive Technologies•added yesterday•6 views

PT-2026-48807

Summary Arc registers Go's net/http/pprof handlers at /debug/pprof/ via app.Usepprof.New in internal/api/server.go, and /debug/pprof is added to PublicPrefixes in cmd/arc/main.go. The auth middleware short-circuits before the token check on prefix match, so the endpoints are reachable without any...

8.8CVSS6.1AI score

Exploits0References5

CloudLinux•added 2026/05/30 10:23 a.m.•7 views

bind: Fix of CVE-2026-1519

CVE-2026-1519: Limit NSEC3 iterations when validating referrals to unsigned delegations to avoid excessive CPU consumption...

7.5CVSS5.4AI score0.00061EPSS

Exploits0

CNNVD•added 2026/05/27 12:0 a.m.•5 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the rtonextcpu function in the RT scheduler not skipping the currently executing CPU. This allows...

5.8AI score0.00031EPSS

Exploits0References8

NVD•added 2026/05/19 12:16 p.m.•10 views

CVE-2026-7307

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language SAML endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service DoS where the server becomes...

7.5CVSS0.00059EPSS

Exploits0References6

CVE•added 2026/05/13 12:19 a.m.•39 views

CVE-2026-8202

CVE-2026-8202 affects MongoDB Server prior to certain fixed versions: v7.0 before 7.0.34, v8.0 before 8.0.23, v8.2 before 8.2.9, and v8.3 before 8.3.2. The issue is a post-authentication CPU DoS caused by using a densely populated characters mask with large input strings in the MongoDB aggregatio...

6.5CVSS5.8AI score0.0005EPSS

Exploits0References1Affected Software1

GithubExploit•added 2026/04/10 6:34 a.m.•199 views

Exploit for CVE-2026-23869

CVE-2026-23869 - Proof of Concept PoC Description This...

7.5CVSS5.9AI score0.00841EPSS

Exploits3

OSV•added 2026/03/16 3:30 p.m.•2 views

GHSA-M5RV-56XX-HFC6 Mattermost fails to properly handle very long passwords

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly handle very long passwords, which allows an attacker to overload the server CPU and memory via executing login attempts with multi-megabyte passwords. Mattermost Advisory ID: MMSA-2026-00587...

7.5CVSS5.8AI score0.00063EPSS

Exploits0References4

RedhatCVE•added 2026/01/28 9:17 p.m.•3 views

CVE-2026-24738

gmrtd is a Go library for reading Machine Readable Travel Documents MRTDs. Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile can consume an extended TLV with lengths well...

6.5CVSS5.8AI score0.00008EPSS

Exploits0References1

RedhatCVE•added 2026/01/20 7:20 p.m.•1 views

CVE-2025-69199

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these...

8.3CVSS5.5AI score0.00081EPSS

Exploits0References1

Cvelist•added 2025/10/29 10:10 p.m.•4 views

CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...

0.00044EPSS

Exploits0References4