CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

137 matches found

SUSE CVE-2026-8796

Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...

8.1CVSS5.8AI score0.00014EPSS

Exploits0References3

OSV•added 2026/05/31 8:16 p.m.•6 views

DEBIAN-CVE-2026-8796

8.1CVSS5.8AI score0.00014EPSS

Exploits0References1

EUVD•added 2026/05/31 7:43 p.m.•12 views

EUVD-2026-33517

5.8AI score0.00014EPSS

Exploits0References2

ATTACKERKB•added 2026/05/31 7:43 p.m.•6 views

CVE-2026-8796

5.8AI score0.00014EPSS

Exploits0References3

EUVD•added 2026/05/19 8:31 p.m.•5 views

EUVD-2026-30983

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied request input and used it for dynamic static method calls and object instantiation without any allowli...

6.6CVSS6AI score0.00406EPSS

Exploits0References2

ATTACKERKB•added 2026/05/19 8:31 p.m.•5 views

CVE-2026-34216

6.6CVSS6AI score0.00406EPSS

Exploits0References3Affected Software1

CVE•added 2026/05/02 4:27 a.m.•8 views

CVE-2026-4658

The CVE-2026-4658 entry concerns the WordPress plugin Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (Add-to-Cart block). Affected: all versions up to 6.0.4. Root cause: insufficient output escaping in render_callback() where class and data-id attributes are built via raw ...

6.4CVSS6AI score0.00027EPSS

Exploits0References10

CNNVD•added 2026/05/01 12:0 a.m.•4 views

Apache MINA 代码问题漏洞

Apache MINA is a web application framework developed by the Apache Foundation in the United States. This product is primarily used for developing high-performance and highly scalable web applications. There were code vulnerabilities in versions of Apache MINA from 2.1.0 to 2.1.11, as well as in...

9.8CVSS6.9AI score0.00083EPSS

Exploits1References1

CNNVD•added 2026/05/01 12:0 a.m.•4 views

Apache MINA 代码问题漏洞

9.8CVSS6.8AI score0.00287EPSS

Exploits0References1

RedhatCVE•added 2026/04/27 2:25 p.m.•3 views

CVE-2026-41635

A flaw was found in Apache MINA. A remote attacker could exploit a vulnerability in the AbstractIoBuffer.resolveClass method, which failed to properly validate class names for static classes or primitive types. This bypasses the intended security control, known as a classname allowlist, allowing ...

9.8CVSS6.1AI score0.00059EPSS

Exploits0References4

CVE•added 2026/04/27 9:20 a.m.•14 views

CVE-2026-41409

Apache MINA is affected by CVE-2026-41409 due to an incomplete fix for CVE-2024-52046 in AbstractIoBuffer.getObject(). The classname allowlist for deserialization was enforced too late after a class static initializer could already run. Affected versions: MINA 2.0.0–2.0.27, 2.1.0–2.1.10, 2.2.0–2....

9.8CVSS5.3AI score0.00278EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/04/27 12:0 a.m.•1 views

PT-2026-35387

Name of the Vulnerable Software and Affected Versions Apache MINA versions 2.0.0 through 2.0.27 Apache MINA versions 2.1.0 through 2.1.10 Apache MINA versions 2.2.0 through 2.2.5 Description An issue exists in the getObject function of the AbstractIoBuffer class due to an incomplete deserializati...

10CVSS7.1AI score0.00278EPSS

Exploits0References276

CVE•added 2026/04/21 3:26 p.m.•20 views

CVE-2017-20230

CVE-2017-20230 affects Perl’s Storable before 3.05. The issue arises in retrieve_hook, which stores the class-name length as a signed int but reads it as unsigned, enabling crafted data to trigger a stack overflow during read operations. Public reports confirm a high-impact condition (CRITICAL) w...

10CVSS5.8AI score0.00037EPSS

Exploits0References6Affected Software1

CNNVD•added 2026/04/21 12:0 a.m.•4 views

Perl 安全漏洞

Perl is a general-purpose, interpreted, dynamic, and cross-platform programming language developed by the Perl community. Versions of Perl prior to 3.05 contained security vulnerabilities. These vulnerabilities stemmed from the retrievehook function, which stored the length of class names as...

10CVSS5.8AI score0.00037EPSS

Exploits0References1

RedHat Linux•added 2026/04/15 1:54 p.m.•2 views

perl-YAML-Syck: YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter

Multiple security issues have been discovered in the perl YAML::Syck module. A heap overflow occurs when class names exceed the initial 512-byte allocation, a base64 decoder could read past the buffer end on trailing newlines. strtok mutated n-typeid in place, corrupting shared node data, and a...

9.1CVSS6AI score0.00023EPSS

Exploits0References6

Snyk•added 2026/03/11 12:20 a.m.•3 views

Incorrect Authorization

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Incorrect Authorization in the redirectClassNameForKey query parameter handling. An unauthenticated attacker can gain...

9.9CVSS5.8AI score0.00088EPSS

Exploits0References2

RedhatCVE•added 2026/02/23 7:35 p.m.•5 views

CVE-2026-2954

A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate th...

9.8CVSS6.3AI score0.0006EPSS

Exploits0References1