CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3508 matches found

CVE-2026-47729

A flaw was found in Squid. Due to improper input validation, an out-of-bounds read can occur in the FTP gateway. This issue allows an authenticated and trusted client to read memory from random transactions when accessing a misbehaving FTP server using the Squid gateway feature. Mitigation When F...

6.5CVSS5.8AI score

Exploits1References4

RedhatCVE•added 3 days ago•5 views

CVE-2026-9705

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token RAT, could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

6.5CVSS5.9AI score0.00281EPSS

Exploits0References3

OSV•added 4 days ago•7 views

ROOT-APP-MAVEN-CVE-2025-27817 CVE-2025-27817 in io.root.org.apache.kafka:kafka-clients - Patched by Root

Root has patched CVE-2025-27817 in the io.root.org.apache.kafka:kafka-clients package for Root:Maven. Multiple fixed versions available...

7.5CVSS7.1AI score0.60841EPSS

Exploits2

OSV•added 4 days ago•4 views

ROOT-APP-MAVEN-CVE-2024-31141 CVE-2024-31141 in io.root.org.apache.kafka:kafka-clients - Patched by Root

Root has patched CVE-2024-31141 in the io.root.org.apache.kafka:kafka-clients package for Root:Maven. Multiple fixed versions available...

6.5CVSS7.3AI score0.01129EPSS

Exploits0

OSV•added 4 days ago•10 views

ROOT-APP-MAVEN-CVE-2026-33558 CVE-2026-33558 in io.root.org.apache.kafka:kafka-clients - Patched by Root

Root has patched CVE-2026-33558 in the io.root.org.apache.kafka:kafka-clients package for Root:Maven. Multiple fixed versions available...

5.3CVSS5.8AI score0.00535EPSS

Exploits0

OSV•added 4 days ago•6 views

ROOT-APP-MAVEN-CVE-2026-35554 CVE-2026-35554 in io.root.org.apache.kafka:kafka-clients - Patched by Root

Root has patched CVE-2026-35554 in the io.root.org.apache.kafka:kafka-clients package for Root:Maven. Multiple fixed versions available...

8.7CVSS5.2AI score0.00328EPSS

Exploits0

NVD•added 5 days ago•4 views

CVE-2026-23513

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endpoints allowed authenticated clients to bypass tenant scoping and retrieve other clients’ data. Details In ServiceTransaction::getSearchQuery and...

7.1CVSS0.00282EPSS

Exploits0References2

Cvelist•added 5 days ago•27 views

CVE-2026-23513 FOSSBilling: Broken Authorization in Client Transaction and Order Listings

7.1CVSS0.00282EPSS

Exploits0References2

ATTACKERKB•added 5 days ago•6 views

CVE-2026-23513

7.1CVSS5.9AI score0.00282EPSS

Exploits0References3Affected Software1

Tenable Nessus•added 5 days ago•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-55655

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by...

6.1CVSS5.7AI score0.00082EPSS

Exploits0References4

RedHat Linux•added 6 days ago•4 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in FreeCounter()

A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter. A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for...

7.8CVSS5.7AI score0.00148EPSS

Exploits0References7

CVE•added 2026/06/19 5:59 p.m.•18 views

CVE-2026-49291

mcp-memory-service (semantic memory layer for AI apps) exposed the HTTP MCP JSON-RPC endpoint at /mcp such that OAuth read scope allowed mutating actions. Before patch 10.65.3, a read-only OAuth client could invoke tools/call to reach store_memory and delete_memory, bypassing REST write scope che...

8.1CVSS5.9AI score0.00264EPSS

Exploits0References3

AstraLinux•added 2026/06/19 11:10 a.m.•3 views

Astra Linux – Vulnerability in Jetty9

In Eclipse Jetty versions 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0alpha0 to 10.0.0.beta2, and 11.0.0alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, then if an attacker can send a request with a body that ...

5.8CVSS6.5AI score0.08113EPSS

Exploits0References1

IBM Security Bulletins•added 2026/06/18 5:57 p.m.•52 views

Security Bulletin: OpenSSH client bug (CVE-2016-0777 and CVE-2016-0778)

Question Security Bulletin: OpenSSH client bug CVE-2016-0777 and CVE-2016-0778 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All...

8.1CVSS7.3AI score0.63468EPSS

Exploits3Affected Software1

RedHat Linux•added 2026/06/17 3:13 p.m.•7 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds read/write in GLX ChangeDrawableAttributes

An out-of-bounds read flaw was found in the X.Org X server and Xwayland in glXDispChangeDrawableAttributes. A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapp...

5.5CVSS5.3AI score0.00127EPSS

Exploits0References7

RedHat Linux•added 2026/06/17 12:19 p.m.•7 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds read/write in GLX ChangeDrawableAttributes

5.5CVSS5.4AI score0.00127EPSS

Exploits0References7

Nuclei•added 2026/06/16 7:13 a.m.•242 views

ShellShock - Remote Code Execution

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

10CVSS9.1AI score0.99999EPSS

Exploits139References5

NVD•added 2026/06/15 4:16 p.m.•7 views

CVE-2026-9863

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS...

7.5CVSS0.00579EPSS

Exploits0References1

CVE•added 2026/06/15 3:17 p.m.•17 views

CVE-2026-9863

CVE-2026-9863 concerns Fortra BoKS Manager, where an OS command injection vulnerability exists in the client upgrade/patch tooling for legacy tar-based installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may cause commands to be executed on the B...

7.5CVSS5.4AI score0.00579EPSS

Exploits0References1

EUVD•added 2026/06/12 2:1 p.m.•12 views

EUVD-2026-36433

The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subscribe to wildcard topics covering all robots globally, and can publish to any robot's command topic...

8.6CVSS5.3AI score0.00259EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by