Lucene search
2899 matches found

NVD
added 2 days ago, 9 views

CVE-2026-1764

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the extract_performers_tags function can lead to a heap buffer overflow. This vulnerability allows a remote attacker...

5.6 CVSS, 0.00193 EPSS
Exploits: 1, References: 2

Debian CVE
added 2 days ago, 4 views

CVE-2026-1767

A flaw was found in the GNOME localsearch previously known as tracker-miners MP3 Extractor tracker-extract-mp3 component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length...

8.1 CVSS, 5.7 AI score, 0.00339 EPSS
Exploits: 1

CVE
added 2 days ago, 11 views

CVE-2026-1767

A flaw was found in the GNOME localsearch previously known as tracker-miners MP3 Extractor tracker-extract-mp3 component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length...

8.1 CVSS, 5.6 AI score, 0.00339 EPSS
Exploits: 1, References: 2, Affected Software: 2

EUVD
added 2 days ago, 5 views

EUVD-2026-37028

A flaw was found in the GNOME localsearch previously known as tracker-miners MP3 Extractor tracker-extract-mp3 component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length...

5.6 CVSS, 5.6 AI score, 0.00339 EPSS
Exploits: 1, References: 2

Cvelist
added 2 days ago, 25 views

CVE-2026-1766 Localsearch: tracker-miners: gnome localsearch mp3 extractor: denial of service and information disclosure via malformed mp3 files.

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM Comment tags. An attacker cou...

5.6 CVSS, 0.00166 EPSS
Exploits: 1, References: 2

Debian CVE
added 2 days ago, 4 views

CVE-2026-1766

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM Comment tags. An attacker cou...

6.1 CVSS, 5.5 AI score, 0.00166 EPSS
Exploits: 1

Debian CVE
added 2 days ago, 3 views

CVE-2026-1765

A flaw was found in the tracker-extract-mp3 component of GNOME localsearch previously known as tracker-miners. This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denia...

5.6 CVSS, 5.5 AI score, 0.00193 EPSS
Exploits: 0

Cvelist
added 2 days ago, 24 views

CVE-2026-1765 Localsearch: tracker-miners: gnome localsearch mp3 extractor: denial of service and potential information disclosure via crafted mp3 files

A flaw was found in the tracker-extract-mp3 component of GNOME localsearch previously known as tracker-miners. This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denia...

5.6 CVSS, 0.00193 EPSS
Exploits: 0, References: 2

CVE
added 2 days ago, 31 views

CVE-2026-1764

The CVE-2026-1764 to CVE-2026-1767 family affects GNOME localsearch (tracker-miners) MP3 extraction. Root cause: a missing bounds check in extract_performers_tags when parsing MP3 files (ID3v2.x), enabling a heap buffer overflow. Impact: Denial of Service (remote or local depending on context) vi...

5.6 CVSS, 5.6 AI score, 0.00193 EPSS
Exploits: 1, References: 2

Debian CVE
added 2 days ago, 5 views

CVE-2026-1764

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the extract_performers_tags function can lead to a heap buffer overflow. This vulnerability allows a remote attacker...

5.6 CVSS, 5.7 AI score, 0.00193 EPSS
Exploits: 1

RedhatCVE
added last week, 14 views

CVE-2026-47838

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7....

8.1 CVSS, 5.4 AI score, 0.00115 EPSS
Exploits: 0, References: 1

EUVD
added 2026/06/10 12:31 a.m., 8 views

EUVD-2026-35911

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7....

6.8 CVSS, 5.5 AI score, 0.00115 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/06/09 11:50 p.m., 36 views

CVE-2026-47838 Unauthorized User Impersonation when Using X.509 Client Certificates

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7....

6.8 CVSS, 0.00115 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/06/09 11:50 p.m., 5 views

CVE-2026-47838 Unauthorized User Impersonation when Using X.509 Client Certificates

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7....

6.8 CVSS, 5.4 AI score, 0.00115 EPSS
Exploits: 0, References: 1

CVE
added 2026/06/09 11:50 p.m., 32 views

CVE-2026-47838

Spring Security CVE-2026-47838 involves the SubjectDnX509PrincipalExtractor and malformed X.509 CN values, causing the extracted username to be read incorrectly and potentially allowing an attacker to impersonate another user. Affected versions include Spring Security 5.7.0–5.7.24; 5.8.0–5.8.26; ...

8.1 CVSS, 5.5 AI score, 0.00115 EPSS
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2026/06/05 7:47 p.m., 5 views

CVE-2026-6616

A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extractwithbs4/extractwith3k/extractwithlxml of the file superagi/helper/webpageextractor.py of the component WebScraperTool. Such manipulation leads to server-side request forgery. I...

6.5 CVSS, 6.1 AI score, 0.00219 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/06/02 10:2 p.m., 8 views

CVE-2026-10287

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function get_headers of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

7.5 CVSS, 6.8 AI score, 0.00294 EPSS
Exploits: 0, References: 1

NVD
added 2026/06/01 9:16 p.m., 10 views

CVE-2026-10287

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function get_headers of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

7.5 CVSS, 0.00294 EPSS
Exploits: 0, References: 6

ATTACKERKB
added 2026/06/01 7:45 p.m., 6 views

CVE-2026-10287

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function get_headers of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

7.5 CVSS, 5.6 AI score, 0.00294 EPSS
Exploits: 0, References: 6, Affected Software: 1

Vulnrichment
added 2026/06/01 7:45 p.m., 8 views

CVE-2026-10287 SourceCodester SEO Meta Tag Extractor index.php get_headers server-side request forgery

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function get_headers of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

7.5 CVSS, 6.8 AI score, 0.00294 EPSS
Exploits: 0, References: 6