CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/03 7:16 p.m.•7 views

CVE-2026-7888

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the Workflow, Form block, and File/Set components that lack the allowedclasses restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been...

8.4CVSS0.00175EPSS

RedhatCVE•added 2026/06/03 7:3 p.m.•10 views

CVE-2026-46259

A flaw was found in the Linux kernel's procfs component. When reading /proc/pid/stat, the dotaskstat function accesses task-realparent without proper Read-Copy-Update RCU protection. This missing protection creates a race condition, which can lead to a Use-After-Free UAF vulnerability. A local...

7.8CVSS5.8AI score0.0012EPSS

Exploits0References4

Vulnrichment•added 2026/06/03 6:10 p.m.•7 views

CVE-2026-7888 Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction.

ATTACKERKB•added 2026/06/03 6:10 p.m.•5 views

CVE-2026-7888

Exploits0References2Affected Software1

EUVD•added 2026/06/03 6:10 p.m.•9 views

EUVD-2026-34164

CVE•added 2026/06/03 6:10 p.m.•12 views

CVE-2026-7888

CVE-2026-7888 affects Concrete CMS versions below 9.5.2. The vulnerability arises from PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that do not enforce allowed_classes. An unauthenticated attacker could trigger arbitrary PHP object instantiatio...

NVD•added 2026/06/03 4:16 p.m.•10 views

CVE-2026-36576

An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request...

9.8CVSS0.01491EPSS

Exploits0References4

CVE•added 2026/06/03 3:49 p.m.•15 views

CVE-2025-71313

Summary (CVE-2025-71313) : In the Linux kernel PCI endpoint driver, there is a missing NULL check after alloc_workqueue(), which can return NULL on memory allocation failure. If a NULL workqueue pointer is later passed to queue_work() in epf_ntb_epc_init(), this can cause a NULL pointer dereferen...

5.5CVSS5.8AI score0.00107EPSS

Exploits0References2Affected Software1

RedHat Linux•added 2026/06/03 3:25 p.m.•5 views

kernel: md/bitmap: fix GPF in write_page caused by resize race

A flaw was found in the Linux kernel's md/bitmap component. This vulnerability involves a use-after-free race condition that occurs during array resize operations. When the bitmapdaemonwork and bitmapresize functions execute concurrently, they can access memory pages that have already been freed...

4.7CVSS5.9AI score0.00091EPSS

Exploits0References5

NVD•added 2026/06/03 2:16 p.m.•11 views

CVE-2022-49042

An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS0.00123EPSS

RedHat Linux•added 2026/06/03 1:52 p.m.•8 views

firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure due to incorrect boundary conditions in the Audio/Video component...

7.5CVSS5.7AI score0.00273EPSS

Vulnrichment•added 2026/06/03 1:35 p.m.•7 views

CVE-2024-47263

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive informati...

4.1CVSS5.8AI score0.00297EPSS

RedHat Linux•added 2026/06/03 12:58 p.m.•14 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.43 security and extras update

Red Hat OpenShift Container Platform release 4.18.43 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of...

9.8CVSS7.6AI score0.01026EPSS

Exploits3References9

Debian CVE•added 2026/06/03 10:45 a.m.•7 views

CVE-2026-10722

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a...

5.5CVSS5AI score0.00135EPSS

Exploits1

RedHat Linux•added 2026/06/03 7:51 a.m.•8 views

firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component

7.5CVSS5.7AI score0.00273EPSS

RedHat Linux•added 2026/06/03 7:51 a.m.•8 views

firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component...

9.6CVSS5.8AI score0.00258EPSS

RedHat Linux•added 2026/06/03 5:56 a.m.•5 views

firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component

7.5CVSS5.7AI score0.00273EPSS

RedHat Linux•added 2026/06/03 5:56 a.m.•5 views

firefox: thunderbird: webrtc: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component

9.6CVSS5.7AI score0.00258EPSS

RedHat Linux•added 2026/06/03 1:1 a.m.•9 views

firefox: Privilege escalation in the Security component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Security component...

8.8CVSS5.7AI score0.00307EPSS