CVE-2026-40607
Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an attacker to inject arbitrary HTML on systems where $g_show_user_realname = ON. Note that by default, only...
GHSA-78PR-C5X5-JGGC FlowiseAI: Assistant create+update mass-assignment allows cross-workspace assistant takeover
Summary Type: Mass assignment via Object.assign(entity, body) - client-controlled workspaceId and, on create, id overwritten on the Assistant entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/assistants/index.ts Root cause: The Assistant controller/service construct...
curl: HSTS multi-trailing-dot bypass-ish: possible incomplete fix for CVE-2022-30115
Hi all, Honestly, I'm not completely certain about this issue, but I think the CVE-2022-30115 fix "HSTS bypass via trailing dot" is incomplete: the same asymmetry exists for hostnames with two or more trailing dots, so http://example.com../ still gets sent in plaintext when there's a valid HSTS...
EUVD-2026-27077
CImg Library is a C++ library for image processing. Prior to commit c3aacf5, the nbcolors field read from the BMP file header is used directly to compute an allocation size without validating it against the remaining file size. A crafted BMP file with a large nbcolors value triggers an...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: The issue related to GPF in bitmap_get_stats has been fixed. The commit message for commit 6ec1f0239485 "md/md-bitmap: fix stats collection for external bitmaps" states: "Remove the external bitmap check, as statistic...
CVE-2026-40887 @vendure/core has a SQL Injection vulnerability
Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to versions 2.3.4, 3.5.7, and 3.6.2, an unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query string parameter is interpolated directly into a raw SQL expression...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013203)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013203 advisory. In the Linux kernel, the following vulnerability has been resolved: net: add vlan_get_protocol_and_depth helper Before blamed commit, pskb_may_pull was used instead of...
OpenClaw's mutating internal ACP chat commands missed operator.admin scope enforcement
Summary Mutating internal ACP chat commands missed the operator.admin gate that should separate read-only and mutating control-plane actions. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
CVE-2026-24053
Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004059)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004059 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix error code path in acpi_ds_call_control_method A use-after-free in acpi_ps_parse_aml after a...
SUSE CVE-2023-54254
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Don't leak a resource on eviction error On eviction errors other than -EMULTIHOP we were leaking a resource. Fix. v2: - Avoid yet another goto Andi Shyti...
openSUSE 16 Security Update : curl (openSUSE-SU-2025-20090-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20090-1 advisory. - CVE-2025-9086: Fixed out-of-bounds read for cookie path (bsc#1249191) - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes...
EUVD-2017-18281
Malware in sbrugna...
EUVD-2020-18378
Malware in sbrugna...
EUVD-2021-0382
Malware in sbrugna...
EUVD-2024-53347
Malicious code in bioql PyPI...
EUVD-2025-12866
Malicious code in bioql PyPI...
EUVD-2025-22624
Malicious code in bioql PyPI...
EUVD-2022-55207
Malicious code in bioql PyPI...
EUVD-2024-38937
Malicious code in bioql PyPI...