CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3660 matches found

Tenable Nessus•added 2026/02/28 12:0 a.m.•26 views

IBM WebSphere Application Server 8.5.5.3 < 8.5.5.30 / 9.x < 9.0.5.27 / Liberty 21.0.0.3 < 26.0.0.3 DoS (7261794)

The version of IBM WebSphere Application Server running on the remote host is affected by a DoS vulnerability as referenced in the 7261794 advisory. - In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an...

7.5CVSS7.2AI score0.00244EPSS

Exploits1References2

Tenable Nessus•added 2026/02/28 12:0 a.m.•9 views

SUSE SLES15 Security Update : kernel (SUSE-SU-2026:0617-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0617-1 advisory. The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues The following security issues were fixed: -...

7.8CVSS7.3AI score0.06879EPSS

Exploits3References1182

OSV•added 2026/02/26 3:20 p.m.•5 views

GHSA-24P2-J2JR-386W psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps

Summary A security review of the psdtools.compression module conducted against the fix/invalid-rle-compression branch, commits 7490ffa–2a006f5 identified the following pre-existing issues. The two findings introduced and fixed by those commits Cython buffer overflow, IndexError on lone repeat...

8.8CVSS5.8AI score0.0041EPSS

Exploits1References5

OSV•added 2026/02/26 1:17 p.m.•3 views

SUSE-SU-2026:20592-1 Security update for 7zip

This update for 7zip fixes the following issues: - Update to 25.01 boo1249130 The code for handling symbolic links has been changed to provide greater security when extracting files from archives Command line switch -snld20 can be used to bypass default security checks when creating symbolic link...

7.5CVSS7.2AI score0.00635EPSS

Exploits2References6

CVE•added 2026/02/25 11:57 p.m.•25 views

CVE-2026-27809

psd-tools (Python) prior to v1.12.2 is vulnerable when parsing PSD files with malformed RLE-compressed image data: decode_rle() can raise ValueError that was not caught, causing psd.composite() and psd-tools export to crash. The fix in v1.12.2 wraps the decode_rle() call in a try/except so that t...

9.1CVSS5.4AI score0.0041EPSS

Exploits1References3Affected Software1

IBM Security Bulletins•added 2026/02/25 5:4 p.m.•11 views

Security Bulletin: IBM Sterling Transformation Extender is affected by MongoBleed security vulnerability

Summary IBM Sterling Transformation Extender uses MongoDB and is affected by MongoBleed security vulnerability CVE-2025-14847. Vulnerability Details CVEID:CVE-2025-14847 DESCRIPTION: Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an...

8.7CVSS5.7AI score0.83007EPSS

Exploits39Affected Software1

RedhatCVE•added 2026/02/25 4:6 a.m.•4 views

CVE-2026-24481

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD Adobe Photoshop format handler. When processing a maliciously crafted PSD file containin...

7.5CVSS5.4AI score0.00348EPSS

Exploits0References1

SUSE CVE•added 2026/02/25 12:25 a.m.•2 views

SUSE CVE-2026-24481

7.5CVSS5.8AI score0.00348EPSS

Exploits0References6

Tenable Nessus•added 2026/02/25 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-27571

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed...

7.5CVSS5.9AI score0.00478EPSS

Exploits0References3

OSV•added 2026/02/24 5:29 p.m.•2 views

AZL-78374 CVE-2026-27571 affecting package telegraf 1.31.0-12

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS...

7.5CVSS5.8AI score0.00478EPSS

Exploits0References1

OSV•added 2026/02/24 5:29 p.m.•5 views

AZL-78372 CVE-2026-27571 affecting package telegraf for versions less than 1.29.4-21

7.5CVSS5.8AI score0.00478EPSS

Exploits0References1

NVD•added 2026/02/24 5:29 p.m.•3 views

CVE-2026-27571

7.5CVSS0.00478EPSS

Exploits0References4

UbuntuCve•added 2026/02/24 5:29 p.m.•3 views

CVE-2026-27571

7.5CVSS5.9AI score0.00478EPSS

Exploits0References5

OSV•added 2026/02/24 5:29 p.m.•2 views

UBUNTU-CVE-2026-27571

7.5CVSS5.8AI score0.00478EPSS

Exploits0References6

Github Security Blog•added 2026/02/24 4:4 p.m.•6 views

nats-server websockets are vulnerable to pre-auth memory DoS

Impact The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. The implementation bound the memory size of a NATS message but did not independently bound the memory consumption of the memory stream when constructing a NATS message which migh...

7.5CVSS5.6AI score0.00478EPSS

Exploits0References7Affected Software2

OSV•added 2026/02/24 4:4 p.m.•4 views

GHSA-QRVQ-68C2-7GRW nats-server websockets are vulnerable to pre-auth memory DoS

5.9CVSS5.8AI score0.00478EPSS

Exploits0References7