CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Redos•added 2 days ago•2 views

ROS-20260611-73-0008

The vulnerability of the gdiSurfaceToSurface function in the RDP client of FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service interruptions...

9.8CVSS6.4AI score0.00175EPSS

Redos•added 2 days ago•2 views

ROS-20260611-73-0016

The vulnerability of the cleardecompressbandsdata function in the RDP client FreeRDP is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service failures...

9.8CVSS6.3AI score0.00197EPSS

7.3CVSS5.9AI score0.00044EPSS

PT-2026-48705

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

8.8CVSS6AI score0.0008EPSS

PT-2026-48754

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.115 Description A use after free issue in Core allows a remote attacker to execute arbitrary code by inducing a user to open a crafted HTML page. Use after free is a memory corruption flaw that occurs...

Tenable Nessus•added 2 days ago•3 views

FreeBSD : FreeBSD -- Multiple vulnerabilities in unbound (b604d3e1-6474-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b604d3e1-6474-11f1-958d-bc241121aa0a advisory. Multiple vulnerabilities have been reported in Unbound. Instead of listing detailed writeups f...

10CVSS6.4AI score0.00322EPSS

Exploits0References12

Tenable Nessus•added 2 days ago•4 views

aioHTTP < 3.14.0 Multiple Vulnerabilities

The version of aioHTTP installed on the remote host is prior to 3.14.0. It is, therefore, affected by multiple vulnerabilities: - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary...

8.7CVSS5.8AI score0.00068EPSS

Tenable Nessus•added 2 days ago•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-6893

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP Dynamic Host...

8.8CVSS6.1AI score0.00156EPSS

Exploits0References2

Tenable Nessus•added 2 days ago•6 views

Debian dsa-6338 : libdbi-perl - security update

The remote Debian 12 / 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6338 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6338-1 [email protected]...

9.8CVSS6AI score0.00069EPSS

Exploits0References7

Tenable Nessus•added 2 days ago•3 views

RockyLinux 10 : libyang (RLSA-2026:24758)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:24758 advisory. libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob CVE-2026-44673 Tenable has extracted the preceding...

7.5CVSS6.3AI score0.00068EPSS

Exploits0References3

Tenable Nessus•added 2 days ago•3 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : Netatalk vulnerabilities (USN-8395-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8395-1 advisory. Arjun Basnet discovered that Netatalk incorrectly sanitized user input in its MyS...

9.9CVSS6.4AI score0.00256EPSS

Exploits0References11

8.8CVSS6AI score0.00049EPSS

PT-2026-48740

OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points...

Exploits0References3

8.4CVSS6.3AI score0.00028EPSS

PT-2026-48681

Summary PDM automatically loads project-local plugin paths from .pdm-plugins during Core initialization. Because this path is added via site.addsitedir, attacker-controlled .pth files inside the project plugin directory are processed and can execute Python code before normal CLI handling begins...

Positive Technologies•added 2 days ago•5 views

PT-2026-48700

Name of the Vulnerable Software and Affected Versions KanaDojo versions prior to 0.1.18 Description A sandbox escape allows remote code execution with full GitHub Actions runner privileges, including access to the AUTOMATION PR TOKEN variable. The issue occurs in the issue-auto-respond.yml workfl...

8.5CVSS6.3AI score0.00083EPSS

Exploits0References5

Positive Technologies•added 2 days ago•7 views

PT-2026-48810

Impact The ext in upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named shell.php containing GIF-like content could pass validation such as: uploadedavatar|is imageavatar|mime inavatar,image/gif|ext...

9.8CVSS6.1AI score0.00078EPSS

Exploits0References7

Redos•added 2 days ago•2 views

ROS-20260611-73-0010

9.8CVSS6.4AI score0.00175EPSS