CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5004 matches found

SUSE CVE-2026-28907

The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being...

8.1CVSS5.8AI score0.00149EPSS

Exploits0References3

SUSE CVE•added 2 hours ago•2 views

SUSE CVE-2026-43660

A validation issue was addressed with improved logic. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being...

7.5CVSS5.8AI score0.00118EPSS

Exploits0References3

Tenable Nessus•added yesterday•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-43660

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A validation issue was addressed with improved logic. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe...

7.5CVSS5.8AI score0.00118EPSS

Exploits0References2

Tenable Nessus•added yesterday•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-28907

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe...

8.1CVSS5.8AI score0.00149EPSS

Exploits0References2

NVD•added 3 days ago•9 views

CVE-2026-48208

An improper neutralization of active SVG content in OTRS or OTRS Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent o...

6.5CVSS0.00042EPSS

Exploits0References1

Vulnrichment•added 3 days ago•5 views

CVE-2026-48208 Denial-of-Service via SVG Rendering in Ticket

6.5CVSS5.9AI score0.00042EPSS

Exploits0References1

CVE•added 3 days ago•20 views

CVE-2026-48208

The CVE concerns an improper neutralization of active SVG content in OTRS/OTRS Community Edition ticket article rendering, allowing an attacker to inject crafted SVGs via email content that triggers browser-side resource exhaustion and DoS when tickets are opened. It is exploitable without JavaSc...

6.5CVSS5.9AI score0.00042EPSS

Exploits0References1

Cvelist•added 3 days ago•37 views

CVE-2026-48208 Denial-of-Service via SVG Rendering in Ticket

6.5CVSS0.00042EPSS

Exploits0References1

RedHat Linux•added 3 days ago•11 views

webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper state management...

6.5CVSS5.7AI score0.00179EPSS

Exploits0References5

EUVD•added last week•4 views

EUVD-2026-32957

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to...

8.7CVSS5.8AI score0.00033EPSS

Exploits0References1

Cvelist•added last week•22 views

CVE-2026-45348 pyLoad: Stored XSS in Downloads view via unsanitized link URL in packages.js template literal

8.7CVSS0.00033EPSS

Exploits0References1

Vulnrichment•added last week•3 views

CVE-2026-45348 pyLoad: Stored XSS in Downloads view via unsanitized link URL in packages.js template literal

8.7CVSS5.8AI score0.00033EPSS

Exploits0References1

OSV•added last week•7 views

RLSA-2026:19206 Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash CVE-2025-43213 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari...

8.8CVSS6.3AI score0.01495EPSS

Exploits2References19

Rockylinux•added last week•7 views

webkit2gtk3 security update

An update is available for webkit2gtk3. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list WebKitGTK is the port of the portable web rendering engine WebKit to the...

7.5CVSS6.7AI score0.01495EPSS

Exploits2

NVD•added 2026/05/27 9:16 p.m.•10 views

CVE-2026-21785

A misconfigured Content Security Policy CSP in HCL BigFix Remote Control Server WebUI versions 10.1.0.0442 and earlier fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources...

4CVSS0.00025EPSS

Exploits0References1

CVE•added 2026/05/27 8:15 p.m.•9 views

CVE-2026-21785

CVE-2026-21785 relates to a misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions ≤ 10.1.0.0442). The CSP failures occur because directives are defined without fallbacks, enabling attackers to bypass intended security restrictions and load unauthorized re...

4CVSS5.8AI score0.00025EPSS

Exploits0References1

EUVD•added 2026/05/27 8:15 p.m.•5 views

EUVD-2026-32658

4CVSS5.8AI score0.00025EPSS

Exploits0References1

Cvelist•added 2026/05/27 8:15 p.m.•34 views

CVE-2026-21785 HCL BigFix Remote Control Server WebUI is affected by a misconfigured Content Security Policy

4CVSS0.00025EPSS

Exploits0References1