CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

113 matches found

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: venus: protect against spurious interrupts during probe Make sure the interrupt handler is initialized before the interrupt is registered. If the IRQ is registered before hficreate, it's possible that an interrupt fires...

5.5CVSS6.8AI score0.00024EPSS

Exploits0References2

CVE•added 2026/05/01 2:14 p.m.•9 views

CVE-2026-31738

CVE-2026-31738 concerns the Linux kernel vxlan code (vxlan_na_create) where ND option lengths are not properly validated. The flaw can cause the parser to advance beyond the option span or read an undersized LLADDR payload, enabling source address reading only when the option is large enough; imp...

5.5CVSS5.8AI score0.00015EPSS

Exploits0References8Affected Software1

RedhatCVE•added 2026/04/20 1:8 p.m.•8 views

CVE-2026-40342

A flaw was found in Firebird, an open-source relational database management system. An authenticated user with CREATE FUNCTION privileges can exploit a path traversal vulnerability in the external engine plugin loader. This allows an attacker to use a crafted engine name to load an arbitrary shar...

9.9CVSS6.4AI score0.00148EPSS

Exploits1References2

NVD•added 2026/04/17 8:16 p.m.•2 views

CVE-2026-40342

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE...

9.9CVSS0.00148EPSS

Exploits1References4

Cvelist•added 2026/04/17 7:22 p.m.•14 views

CVE-2026-40342 Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution

9.9CVSS0.00148EPSS

Exploits1References4

RedhatCVE•added 2026/03/26 3:14 p.m.•0 views

CVE-2026-4495

A security flaw has been discovered in atjiu pybbs 6.0.0. This impacts the function create of the file src/main/java/co/yiiu/pybbs/controller/api/CommentApiController.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been release...

5.1CVSS4.3AI score0.00039EPSS

Exploits0References1

NVD•added 2026/03/20 6:16 p.m.•0 views

CVE-2026-4494

A vulnerability was identified in atjiu pybbs 6.0.0. This affects the function create of the file src/main/java/co/yiiu/pybbs/controller/api/TopicApiController.java. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available a...

5.1CVSS0.00013EPSS

Exploits0References4

ATTACKERKB•added 2026/03/20 6:2 p.m.•1 views

CVE-2026-4495

5.1CVSS4.3AI score0.00039EPSS

Exploits0References4Affected Software1

CVE•added 2026/03/20 6:2 p.m.•3 views

CVE-2026-4495

CVE-2026-4495 affects atjiu pybbs 6.0.0, specifically the create function in src/main/java/co/yiiu/pybbs/controller/api/CommentApiController.java. The issue enables cross‑site scripting via manipulation of the referenced component, with remote viability. Public exploit information is indicated in...

5.1CVSS4.3AI score0.00039EPSS

Exploits0References4

Positive Technologies•added 2026/03/20 12:0 a.m.•1 views

PT-2026-26656

5.1CVSS4.3AI score0.00039EPSS

Exploits0References5

CNNVD•added 2026/03/20 12:0 a.m.•2 views

pybbs 代码注入漏洞

pybbs is a Java-developed community platform created by iuiu’s individual developers. Version 6.0.0 of pybbs contains a code injection vulnerability. This vulnerability stems from a cross-site scripting attack in the create function located in the file...

5.1CVSS5.7AI score0.00013EPSS

Exploits0References4

NVD•added 2026/03/13 7:54 p.m.•1 views

CVE-2026-32304

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the createfunctionargs, code function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from...

9.8CVSS0.00161EPSS

Exploits1References2

Github Security Blog•added 2026/03/13 4:10 p.m.•4 views

Locutus vulnerable to RCE via unsanitized input in create_function()

Summary The createfunctionargs, code function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from CVE-2026-29091 GHSA-fp25-p6mj-qqg6 which was calluserfuncarray using eval in v2.x. This finding affects...

9.8CVSS6.2AI score0.00161EPSS

Exploits1References4Affected Software1

CNNVD•added 2026/03/13 12:0 a.m.•2 views

Locutus 代码注入漏洞

Locutus is an open-source JavaScript library developed by Locutus. Versions of Locutus prior to 3.0.14 contained a code injection vulnerability. This vulnerability stemmed from the createfunction function not properly cleaning parameters, which could allow arbitrary code to execute...

9.8CVSS6AI score0.00161EPSS

Exploits1References2

Snyk•added 2026/03/12 10:38 p.m.•1 views

Arbitrary Code Injection

Overview locutus is a Locutus other languages' stadard libraries to JavaScript for fun and educational purposes Affected versions of this package are vulnerable to Arbitrary Code Injection via the createfunctionargs, code function. An attacker can execute arbitrary code by supplying unsanitized...

9.8CVSS6.2AI score0.00161EPSS

Exploits1References2

CVE•added 2026/03/12 9:24 p.m.•6 views

CVE-2026-32304

Locutus (CVE-2026-32304) contains an RCE in create_function(args, code) where the two parameters are passed directly to the Function constructor without sanitization prior to 3.0.14. This allows arbitrary code execution if untrusted input reaches create_function, as the code path uses new Functio...

9.8CVSS6AI score0.00161EPSS

Exploits1References2Affected Software1