CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5435 matches found

UbuntuCve•added 2026/04/03 4:16 p.m.•1 views

CVE-2026-23453

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix memory leak in XDPDROP for non-zero-copy mode Page recycling was removed from the XDPDROP path in emacrunxdp to avoid conflicts with AFXDP zero-copy mode, which uses xskbufffree instead. However, this...

7.5CVSS5.8AI score0.00343EPSS

Exploits0References4

RedhatCVE•added 2026/04/02 10:55 p.m.•2 views

CVE-2026-34076

Clerk JavaScript is the official JavaScript repository for Clerk authentication. In @clerk/hono from versions 0.1.0 to before 0.1.5, @clerk/express from versions 2.0.0 to before 2.0.7, @clerk/backend from versions 3.0.0 to before 3.2.3, and @clerk/fastify from versions 3.1.0 to before 3.1.5, the...

7.4CVSS5.8AI score0.00309EPSS

Exploits0References1

OSV•added 2026/04/02 3:21 p.m.•3 views

MAL-2026-2445 Malicious code in pro-express (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 508e68df7788049a51c684d3038db25fb043a5dda88579108c5eb49eacbfff95 The package pro-express was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score

Exploits0

OSSF Malicious Packages•added 2026/04/02 3:21 p.m.•5 views

Malicious code in pro-express (npm)

5.9AI score

Exploits0

OSV•added 2026/04/02 9:56 a.m.•2 views

MAL-2026-2419 Malicious code in express-session-js (npm)

Package impersonates legitimate express-session package; initPlugin downloads and executes attacker-controlled remote code on startup via new Function.constructor --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

6.1AI score

Exploits0References1

OSSF Malicious Packages•added 2026/04/02 9:56 a.m.•5 views

Malicious code in express-session-js (npm)

6.1AI score

Exploits0References1

vulnersOsv•added 2026/04/01 11:51 p.m.•7 views

@dojo/cli-test-intern (>=0.1.0 <=2.0.0-beta3.1), express_mvc (>=4.1.1 <=4.3.10) +7 more potentially affected by CVE-2026-4800 via lodash-amd (>=4.16.4 <=4.17.23)

lodash-amd NPM version =4.16.4, =0.1.0, =4.1.1, =3.4.0, =0.0.1, =1.0.14, =0.0.7, =0.0.1, =0.1.5 - xirtam--matrix-operations =0.1.3 Source cves: CVE-2026-4800 Source advisory: OSV:GHSA-R5FR-RJXR-66JC...

9.8CVSS6.2AI score0.01026EPSS

Exploits0

NVD•added 2026/04/01 6:16 p.m.•5 views

CVE-2026-34076

7.4CVSS0.00309EPSS

Exploits0References1

Cvelist•added 2026/04/01 4:59 p.m.•24 views

CVE-2026-34076 Clerk JavaScript: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host

7.4CVSS0.00309EPSS

Exploits0References1

Vulnrichment•added 2026/04/01 4:59 p.m.•3 views

CVE-2026-34076 Clerk JavaScript: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host

7.4CVSS5.8AI score0.00309EPSS

Exploits0References1

ATTACKERKB•added 2026/04/01 4:59 p.m.•3 views

CVE-2026-34076

7.4CVSS5.8AI score0.00309EPSS

Exploits0References2Affected Software1

CVE•added 2026/04/01 4:59 p.m.•24 views

CVE-2026-34076

The CVE-2026-34076 issue is a SSRF in Clerk JavaScript’s opt-in clerkFrontendApiProxy feature. Affected packages and fix versions are: @clerk/backend (3.0.0–3.2.2; fixed in 3.2.3), @clerk/express (2.0.0–2.0.6; fixed in 2.0.7), @clerk/hono (0.1.0–0.1.4; fixed in 0.1.5), and @clerk/fastify (3.1.0–3...

7.4CVSS5.8AI score0.00309EPSS

Exploits0References1

EUVD•added 2026/04/01 4:59 p.m.•3 views

EUVD-2026-17974

7.4CVSS5.8AI score0.00309EPSS

Exploits0References1

vulnersOsv•added 2026/03/31 11:2 p.m.•2 views

@dojo/cli-test-intern (>=0.1.0 <=2.0.0-beta3.1), express_mvc (>=4.1.1 <=4.3.10) +7 more potentially affected by CVE-2025-13465 +1 more via lodash-amd (>=4.16.4 <=4.17.23)

lodash-amd NPM version =4.16.4, =0.1.0, =4.1.1, =3.4.0, =0.0.1, =1.0.14, =0.0.7, =0.0.1, =0.1.5 - xirtam--matrix-operations =0.1.3 Source cves: CVE-2025-13465, CVE-2026-2950 Source advisory: SNYK:JS-LODASHAMD-15869622...

7.9CVSS6.4AI score0.00317EPSS

Exploits0

vulnersOsv•added 2026/03/31 11:2 p.m.•5 views

@dojo/cli-test-intern (>=0.1.0 <=2.0.0-beta3.1), express_mvc (>=4.1.1 <=4.3.10) +7 more potentially affected by CVE-2021-23337 +1 more via lodash-amd (>=4.16.4 <=4.17.23)

lodash-amd NPM version =4.16.4, =0.1.0, =4.1.1, =3.4.0, =0.0.1, =1.0.14, =0.0.7, =0.0.1, =0.1.5 - xirtam--matrix-operations =0.1.3 Source cves: CVE-2021-23337, CVE-2026-4800 Source advisory: SNYK:JS-LODASHAMD-15869626...

9.8CVSS6.8AI score0.2241EPSS

Exploits2

RedhatCVE•added 2026/03/31 5:0 p.m.•1 views

CVE-2026-27508

Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cgi endpoint due to improper sanitation of the url parameter. Attackers can craft malicious URLs with javascript: schemes that execute arbitrary JavaScript in victims' browse...

5.4CVSS6AI score0.00155EPSS

Exploits0References1

RedhatCVE•added 2026/03/31 5:0 p.m.•1 views

CVE-2026-26352

Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPNIP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes whe...

5.4CVSS5.9AI score0.00138EPSS

Exploits0References1

EUVD•added 2026/03/30 6:31 p.m.•4 views

EUVD-2026-17127

5.4CVSS6AI score0.00155EPSS

Exploits0References3

EUVD•added 2026/03/30 6:31 p.m.•3 views

EUVD-2026-17126

5.4CVSS5.9AI score0.00138EPSS

Exploits0References3

NVD•added 2026/03/30 5:16 p.m.•4 views

CVE-2026-27508