CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 15 hours ago•11 views

CVE-2026-12060 Hepta Platforms｜Heptabase - Exposed Dangerous

6.9CVSS

CVE•added 15 hours ago•11 views

CVE-2026-12060

CVE-2026-12060 concerns Heptabase (Hepta Platforms) with an Exposed Dangerous Method or Function vulnerability. The description indicates unauthenticated remote attackers can leverage social engineering to persuade a victim to open or load a malicious webpage inside the Heptabase application, res...

6.9CVSS5.3AI score

EUVD•added 15 hours ago•9 views

EUVD-2026-36390

6.9CVSS5.3AI score

Positive Technologies•added 22 hours ago•6 views

PT-2026-48831

6.9CVSS5.3AI score

RedhatCVE•added 2026/06/05 7:26 p.m.•7 views

CVE-2026-39309

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

5.5CVSS5.9AI score0.00005EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в firefox

When a user has already allowed a website to access the microphone and camera, disabling camera sharing does not completely prevent the website from re-enabling them without an additional prompt. This is only possible if the website continues to record with the microphone until the camera is...

4.3CVSS6.7AI score0.00207EPSS

NVD•added 2026/05/20 12:16 a.m.•7 views

CVE-2026-39309

5.5CVSS0.00005EPSS

Vulnrichment•added 2026/05/19 11:54 p.m.•6 views

CVE-2026-39309 Trilium Notes: macOS TCC Bypass via Prompt Spoofing

5.5CVSS6.1AI score0.00005EPSS

Malwarebytes•added 2026/05/11 1:21 p.m.•10 views

Yarbo responds to robot flaws that could mow down their owners

A researcher found that Yarbo yard robots came with a host of vulnerabilities which, among others, allowed an attacker to harvest WiFi passwords. Security researcher Andreas Makris found he could remotely hijack thousands of Yarbo yard robots worldwide, and proved it by having his mower run him...

5.7AI score

Exploits0

OSV•added 2026/04/18 12:16 a.m.•1 views

UBUNTU-CVE-2026-40339

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c line 842. The function reads the FormFlag byte via dtoh8odata, poffset without a prior bounds check. The standard ptpunpackDPD at lines...

UbuntuCve•added 2026/04/18 12:16 a.m.•1 views

Exploits0References4

CVE-2026-40335

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in ptpunpackDPV in camlibs/ptp2/ptp-pack.c lines 622–629. The UINT128 and INT128 cases advance offset += 16 without verifying that 16 bytes remain in the buffer. The entry check at li...

UbuntuCve•added 2026/04/18 12:16 a.m.•0 views

CVE-2026-40334

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...

3.5CVSS5.8AI score0.00008EPSS

UbuntuCve•added 2026/04/18 12:16 a.m.•2 views

CVE-2026-40338

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTPDPFFEnumeration case of ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c line 856. The function reads a 2-byte enumeration count N via dtoh16odata, poffset without verifying that...

OSV•added 2026/04/18 12:16 a.m.•2 views

UBUNTU-CVE-2026-40340

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in ptpunpackOI in camlibs/ptp2/ptp-pack.c lines 530–563. The function validates len PTPoiSequenceNumber i.e., len 48 but subsequently accesses offsets 48–56, up to 9 byt...

6.1CVSS5.7AI score0.0001EPSS

UbuntuCve•added 2026/04/18 12:16 a.m.•1 views

CVE-2026-40333

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptpunpackEOSevents have xsize available but never pass it, leaving both...

6.1CVSS5.8AI score0.0001EPSS

UbuntuCve•added 2026/04/18 12:16 a.m.•2 views

CVE-2026-40339

OSV•added 2026/04/18 12:16 a.m.•2 views

UBUNTU-CVE-2026-40341

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptpunpackEOSFocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known...

3.5CVSS5.7AI score0.00008EPSS

EUVD•added 2026/04/17 11:45 p.m.•4 views

EUVD-2026-23609

6.1CVSS5.7AI score0.0001EPSS