CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/04/17 12:0 a.m.•2 views

Unity Linux 20.1070a Security Update: libsoup (UTSA-2026-007256)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007256 advisory. A flaw in libsoups HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies...

8.2CVSS5.8AI score0.00024EPSS

Tenable Nessus•added 2026/04/17 12:0 a.m.•2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007582)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007582 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: clear extent cache after moving/defragmenting extents The extent map cache can become stal...

5.6AI score0.00058EPSS

OSV•added 2026/04/16 11:36 p.m.•1 views

BIT-AUTHENTIK-2025-29928 authentik's deletion of sessions did not revoke sessions when using database session storage

authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage which is a non-default setting, deleting sessions via the Web Interface or the API would not revoke the session and the session holder wou...

8CVSS5.7AI score0.00243EPSS

Exploits0References3

OSV•added 2026/04/16 10:50 p.m.•1 views

GHSA-F5V8-V6Q3-Q4H6 Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out)

Summary Meridian v2.1.0 Meridian.Mapping and Meridian.Mediator shipped with nine defense-in-depth gaps reachable through its public APIs. Two are HIGH severity — the advertised DefaultMaxCollectionItems and DefaultMaxDepth safety caps are silently bypassed on the IMapper.Mapsource, destination...

7.5CVSS5.9AI score

Github Security Blog•added 2026/04/16 10:38 p.m.•6 views

Authlib: Cross-site request forging when using cache

Summary There is no CSRF protection on the cache feature on most integrations clients. Details In authlib.integrations.starletteclient.OAuth, no CSRF protection is set up when using the cache parameter. When not using the cache parameter, the use of SessionMiddleware ties the client to the auth...

5.4CVSS5.8AI score0.00023EPSS

Exploits1References4Affected Software1

OSV•added 2026/04/16 10:38 p.m.•1 views

GHSA-JJ8C-MMJ3-MMGV Authlib: Cross-site request forging when using cache

5.4CVSS5.8AI score0.00023EPSS

Exploits1References4

IBM Security Bulletins•added 2026/04/16 12:12 p.m.•11 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Processing

Summary Multiple vulnerabilities were addressed in IBM Event Processing 1.5.0 Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. Th...

9.2CVSS5.9AI score0.00044EPSS

Exploits3Affected Software1

OSV•added 2026/04/16 12:1 a.m.•4 views

RLSA-2026:8317 Important: squid:4 security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling CVE-2026-33526 Squid: Squid: Denial of Service via crafted ICP traffic CVE-2026-32748 For...

7.5CVSS5.8AI score0.01395EPSS

Exploits0References3

Rockylinux•added 2026/04/16 12:1 a.m.•4 views

squid:4 security update

An update is available for squid, libecap, module.libecap, module.squid. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Squid is a high-performance proxy cachin...

9.2CVSS5.8AI score0.01395EPSS

Exploits0

Tenable Nessus•added 2026/04/16 12:0 a.m.•6 views

SUSE SLED15 / SLES15 Security Update : himmelblau (SUSE-SU-2026:1361-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1361-1 advisory. Update to version 2.3.9+git0.a9fd29b; jscPED-14511: - CVE-2026-34397: Fix LPE due to name collision during NSS...

8.8CVSS5.9AI score0.00188EPSS

Exploits4References23

Tenable Nessus•added 2026/04/16 12:0 a.m.•3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: squid (UTSA-2026-007175)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007175 advisory. Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. Th...

6.9CVSS5.8AI score0.00044EPSS

Snyk•added 2026/04/15 7:19 p.m.•6 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to an inverted time comparison in the OIDC JWKS and token cache processes. An attacker can cause expired tokens to be reused or force repeated network requests to the OIDC provider by...

Github Security Blog•added 2026/04/15 7:19 p.m.•4 views

Data Sharing Framework has an Inverted Time Comparison in OIDC JWKS and Token Cache

Affected Components - DSF FHIR Server with enabled bearer-token authentication or back-channel logout. - DSF BPE Server with enabled bearer-token authentication or back-channel logout. - DSF BPE Server API v2 process plugins using FHIR client connections with configured OIDC authentication. Summa...

Exploits0References5Affected Software2

OSV•added 2026/04/15 7:19 p.m.•1 views

GHSA-XMJ9-7625-F634 Data Sharing Framework has an Inverted Time Comparison in OIDC JWKS and Token Cache

Snyk•added 2026/04/15 7:19 p.m.•4 views

Exploits0References5

Always-Incorrect Control Flow Implementation

Snyk•added 2026/04/15 7:19 p.m.•5 views

Always-Incorrect Control Flow Implementation