CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

336 matches found

OSV•added 2026/05/21 9:21 p.m.•3 views

GHSA-4J38-F5CW-54H7 Twig: The `spaceless` filter implicitly marks its output as safe

Description The spaceless filter is registered with issafe = 'html', which means Twig's autoescaper does not escape its output in an HTML context. As a result, applying spaceless to attacker-controlled input that contains markup emits the markup unescaped even when the developer never wrote |raw...

5.3CVSS5.7AI score

Exploits0References4

SUSE Linux•added 2026/05/18 12:9 p.m.•6 views

Security update for cloud-init

This update for cloud-init fixes the following issues: Update to version 25.1.3 bsc1245403, CVE-2024-11584, CVE-2024-6174 Update to version 25.1.1 bsc1239715, jscPED-8680, bsc1228414, bsc1237764 Make sure a directory exists, if not create it, before writing in that location bsc1236720 rsyslog...

8.8CVSS5.8AI score0.0013EPSS

Exploits0References24

Tenable Nessus•added 2026/05/10 12:0 a.m.•2 views

Fedora 44 : python-pulp-glue / python-requests (2026-44919b3d9f)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-44919b3d9f advisory. 2.33.1 2026-03-30 ------------------- Bugfixes - Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. - Fixed...

5.5CVSS5.9AI score0.00005EPSS

Exploits0References2

Snyk•added 2026/04/18 1:5 a.m.•3 views

Allocation of Resources Without Limits or Throttling

Overview OpenTelemetry.Exporter.Jaeger is a Jaeger exporter for OpenTelemetry .NET Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the span and tag conversion. An attacker can drive sustained memory pressure and denial of service by...

8.2CVSS5.7AI score0.0006EPSS

Exploits0References2

NVD•added 2026/04/10 4:16 p.m.•2 views

CVE-2026-34479

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...

7.5CVSS0.00126EPSS

Exploits1References6

OSV•added 2026/03/31 11:42 p.m.•0 views

GHSA-H3M5-P59H-X88P openssl-encrypt has visible password in process list via --password CLI argument

Summary Passwords passed via the --password / -p CLI argument in opensslencrypt/modules/cryptclisubparser.py at lines 150-154 are visible to any user on the system via ps aux or /proc/pid/cmdline. Affected Code python subparser.addargument "--password", "-p", help="Password will prompt if not...

8.7CVSS5.9AI score

Exploits0References3

Github Security Blog•added 2026/03/31 11:42 p.m.•3 views

openssl-encrypt has visible password in process list via --password CLI argument

5.9AI score

Exploits0References3Affected Software1

Veeam•added 2026/03/30 12:0 a.m.•7 views

External Client App (ECA) for Veeam Data Cloud — Adapting to New Salesforce Security Requirements

Support Statement Summary of Changes to Salesforce Security Protocols Salesforce has introduced new security protocols for third-party applications accessing Salesforce organizations. This change affects all third-party products that integrate with Salesforce, requiring those vendors to transitio...

5.5AI score

Exploits0

OSV•added 2026/02/28 12:45 p.m.•4 views

OESA-2026-1461 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

6.3CVSS5.9AI score0.00205EPSS

Exploits1References8

RedHat Linux•added 2026/02/26 11:2 a.m.•3 views

Important: Red Hat Security Advisory: Red Hat build of OpenTelemetry 3.9.0 release

Red Hat build of OpenTelemetry 3.9.0 has been released This release of the Red Hat build of OpenTelemetry provides new features, security improvements, and bug fixes. Breaking changes: The deprecated OpenCensus Receiver, which provided backward compatibility with the OpenCensus project for easier...

7.5CVSS7AI score0.00045EPSS

Exploits0References3

Positive Technologies•added 2026/02/02 12:0 a.m.•6 views

PT-2026-5763

Name of the Vulnerable Software and Affected Versions ingress-nginx affected versions not specified Description A denial of service condition exists in the validating admission controller feature. Sending large requests to the validating admission controller can lead to excessive memory...

6.5CVSS5.3AI score0.00019EPSS

Exploits1References17

OSV•added 2026/01/26 2:49 p.m.•14 views

BIT-PYTHON-2025-12781 base64.b64decode() always accepts "+/" characters, despite setting altchars

When passing data to the b64decode, standardb64decode, and urlsafeb64decode functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. Th...

6.3CVSS5.8AI score0.00047EPSS

Exploits1References9

OSV•added 2026/01/26 2:49 p.m.•3 views

BIT-PYTHON-MIN-2025-12781 base64.b64decode() always accepts "+/" characters, despite setting altchars

6.3CVSS5.8AI score0.00047EPSS

Exploits1References9

OSV•added 2026/01/26 2:43 p.m.•2 views

BIT-LIBPYTHON-2025-12781 base64.b64decode() always accepts "+/" characters, despite setting altchars

6.3CVSS5.8AI score0.00047EPSS

Exploits1References9