OSV
added 2026/02/20 4:56 p.m.

MAL-2026-959 Malicious code in format-defaults (npm)

Per-source details. Source: amazon-inspector f00cab7061e49ab4c27f149d8944dbf016be470f0a6380b58d1432ce3c5dfd04: the package format-defaults was found to contain malicious code. Source: ghsa-malware 90aea488bdca1dafac7912501be1bdfb01e2304e4a110715802f98994f2c712...

AI score: 5.7
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2026/02/20 4:56 p.m.

Malicious code in format-defaults (npm)

Per-source details. Source: amazon-inspector f00cab7061e49ab4c27f149d8944dbf016be470f0a6380b58d1432ce3c5dfd04: the package format-defaults was found to contain malicious code. Source: ghsa-malware 90aea488bdca1dafac7912501be1bdfb01e2304e4a110715802f98994f2c712...

AI score: 5.6
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/20 1:22 a.m.

CVE-2026-26270

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in the latest InvoicePlane version that allows an authenticated user with permissions to manage Invoice Groups to inject malicious JavaScript into...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00177
Exploits: 0 | References: 1
Snyk
added 2026/02/20 12:19 a.m.

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the H5T__conv_struct_opt function. An attacker can execute arbitrary code or cause a denial of service by supplying a specially crafted .h5 file. Remediation: Upgrade hdf5 to version 1.14.4.3 or higher. Referenc...

CVSS: 8.5 | AI score: 6.1 | EPSS: 0.00227
Exploits: 1 | References: 2
CNNVD
added 2026/02/20 12:00 a.m.

GIMP security vulnerability

GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a security vulnerability that stems from the improper validation of data length during the parsing of ICO files. This issue occurs when data provided by users is copied into a heap-based buffer without proper validati...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.00662
Exploits: 0 | References: 2
NVD
added 2026/02/19 8:25 p.m.

CVE-2026-26193

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.44, manually modifying chat history allows setting the embeds property on a response message, the content of which is loaded into an iFrame with a sandbox that has allow-scripts...

CVSS: 7.3 | EPSS: 0.00198
Exploits: 1 | References: 2
Cvelist
added 2026/02/19 7:15 p.m.

CVE-2026-26193 Open WebUI vulnerable to Stored XSS via iFrame embeds in response messages

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.44, manually modifying chat history allows setting the embeds property on a response message, the content of which is loaded into an iFrame with a sandbox that has allow-scripts...

CVSS: 7.3 | EPSS: 0.00198
Exploits: 1 | References: 2
Vulnrichment
added 2026/02/19 7:15 p.m.

CVE-2026-26193 Open WebUI vulnerable to Stored XSS via iFrame embeds in response messages

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.44, manually modifying chat history allows setting the embeds property on a response message, the content of which is loaded into an iFrame with a sandbox that has allow-scripts...

CVSS: 7.3 | AI score: 5.5 | EPSS: 0.00198
Exploits: 1 | References: 2
CVE
added 2026/02/19 4:32 a.m.

CVE-2026-2704

Open Babel (up to 3.1.1) contains a vulnerability in the CIF File Handler, specifically OpenBabel::transform3d::DescribeAsString in src/math/transform3d.cpp, causing an out-of-bounds read. The issue can be triggered remotely and has a public exploit / public disclosure. A patch exists (identifier: e23a22...

CVSS: 8.1 | AI score: 5.2 | EPSS: 0.00728
Exploits: 1 | References: 9 | Affected software: 1
Vulnrichment
added 2026/02/19 4:32 a.m.

CVE-2026-2704 Open Babel CIF File transform3d.cpp DescribeAsString out-of-bounds

A security vulnerability has been detected in Open Babel up to 3.1.1. The affected element is the function OpenBabel::transform3d::DescribeAsString of the file src/math/transform3d.cpp of the component CIF File Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the...

CVSS: 5.3 | AI score: 5.4 | EPSS: 0.00728
Exploits: 1 | References: 7
Positive Technologies
added 2026/02/19 12:00 a.m.

PT-2026-20857

Name of the vulnerable software and affected versions: GIMP (affected versions not specified). Description: A flaw exists in GIMP related to parsing XWD files. Insufficient validation of user-supplied data can lead to a write past the end of an allocated buffer. This could allow a remote attacker to...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00518
Exploits: 0 | References: 14
NVD
added 2026/02/18 11:16 p.m.

CVE-2026-26270

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in the latest InvoicePlane version that allows an authenticated user with permissions to manage Invoice Groups to inject malicious JavaScript into...

CVSS: 5.4 | EPSS: 0.00177
Exploits: 0 | References: 2
CVE
added 2026/02/18 11:01 p.m.

CVE-2026-26270

CVE-2026-26270 affects InvoicePlane. A Stored XSS exists in the Identifier Format field, exploitable by an authenticated user with Invoice Group management permissions. The malicious script runs when users view the invoice list or the dashboard. A fix is available in Version 1.7.1. If your setup ...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00177
Exploits: 0 | References: 2 | Affected software: 1
Cvelist
added 2026/02/18 11:01 p.m.

CVE-2026-26270 InvoicePlane has Stored Cross-Site Scripting Issue in Identifier Formatting

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in the latest InvoicePlane version that allows an authenticated user with permissions to manage Invoice Groups to inject malicious JavaScript into...

CVSS: 5.4 | EPSS: 0.00177
Exploits: 0 | References: 2
Vulnrichment
added 2026/02/18 11:01 p.m.

CVE-2026-26270 InvoicePlane has Stored Cross-Site Scripting Issue in Identifier Formatting

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in the latest InvoicePlane version that allows an authenticated user with permissions to manage Invoice Groups to inject malicious JavaScript into...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00177
Exploits: 0 | References: 2
OSV
added 2026/02/18 11:01 p.m.

CVE-2026-26270 InvoicePlane has Stored Cross-Site Scripting Issue in Identifier Formatting

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in the latest InvoicePlane version that allows an authenticated user with permissions to manage Invoice Groups to inject malicious JavaScript into...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00177
Exploits: 0 | References: 4
OSV
added 2026/02/18 10:41 p.m.

GHSA-3M4Q-JMJ6-R34Q Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading

Summary: TensorFlow / Keras continues to honor HDF5 "external storage" and ExternalLink features when loading weights. A malicious .weights.h5 or a .keras archive embedding such weights can direct load_weights to read from an arbitrary readable filesystem path. The bytes pulled from that path...

CVSS: 7.1 | AI score: 6 | EPSS: 0.00271
Exploits: 0 | References: 7
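The two HDF5 features named in the Keras advisory above can be checked for before a downloaded weights file ever reaches load_weights. The following is an added example, not Keras, TensorFlow or h5py project code; it assumes h5py is installed and adopts the policy that a weights file must be self-contained (no ExternalLink, no dataset with external storage). The sample weights file, the "secret" file it points at, and the layer names are constructed for the demonstration.

```python
"""Scan a .weights.h5 file for HDF5 ExternalLinks and externally stored
datasets before loading it. Added example, not Keras/TensorFlow code."""
import os
import tempfile

import h5py


def _collect_links(group, findings, prefix=""):
    """Walk a group's link table. ExternalLinks are reported as-is (they are
    never followed); hard-linked datasets are checked for external storage;
    hard-linked subgroups are recursed into. Soft links stay inside the file
    and are ignored."""
    for key in group.keys():
        full = f"{prefix}/{key}"
        link = group.get(key, getlink=True)
        if isinstance(link, h5py.ExternalLink):
            findings.append((full, "external_link", f"{link.filename}:{link.path}"))
        elif isinstance(link, h5py.HardLink):
            obj = group[key]
            if isinstance(obj, h5py.Dataset) and obj.external:
                # obj.external is a list of (filename, offset, size) tuples
                for fname, _offset, _size in obj.external:
                    findings.append((full, "external_storage", fname))
            elif isinstance(obj, h5py.Group):
                _collect_links(obj, findings, full)


def find_external_refs(path):
    """Return [(hdf5_path, kind, target)] for every ExternalLink and every
    dataset whose raw bytes live outside the .h5 container."""
    findings = []
    with h5py.File(path, "r") as f:
        _collect_links(f, findings)
    return findings


def safe_to_load(path):
    """Policy assumed here: a weights file must be fully self-contained."""
    return not find_external_refs(path)


def read_dataset_bytes(path, name):
    """What a loader sees: HDF5 transparently serves the external file's bytes."""
    with h5py.File(path, "r") as f:
        return f[name][()].tobytes()


def build_sample(dirpath):
    """Constructed sample: a 20-byte 'secret' file and a weights file whose
    kernel dataset is backed by that secret via external storage, plus an
    ExternalLink for the bias that points at another (absent) HDF5 file."""
    secret = os.path.join(dirpath, "secret.txt")
    with open(secret, "wb") as fh:
        fh.write(b"db_password=hunter2\n")            # 20 bytes, constructed
    weights = os.path.join(dirpath, "model.weights.h5")
    with h5py.File(weights, "w") as f:
        g = f.create_group("layers/dense")
        g.create_dataset("kernel", shape=(20,), dtype="u1",
                         external=[(secret, 0, 20)])   # bytes come from secret
        f["layers/dense/bias"] = h5py.ExternalLink(
            os.path.join(dirpath, "other.h5"), "/bias")
    return secret, weights


def demo():
    """Build the sample in a temp dir, scan it, and show the leak."""
    d = tempfile.mkdtemp()
    _secret, weights = build_sample(d)
    return {
        "findings": find_external_refs(weights),
        "safe": safe_to_load(weights),
        "leaked": read_dataset_bytes(weights, "layers/dense/kernel"),
    }


if __name__ == "__main__":
    r = demo()
    for path, kind, target in r["findings"]:
        print(f"{kind:17s} {path} -> {target}")
    print("safe to load:", r["safe"])
    print("bytes the loader would ingest:", r["leaked"])
```

Run the scan on the weights file before calling load_weights and reject the file if find_external_refs returns anything. Note that a .keras archive is a zip wrapping a .weights.h5, so the same check applies to the extracted member.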
Github Security Blog
added 2026/02/18 6:30 p.m.

OpenStack Nova calls qemu-img without format restrictions for resize

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

CVSS: 8.2 | AI score: 5.5 | EPSS: 0.00387
Exploits: 0 | References: 6 | Affected software: 1
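The Nova issue above turns on a single detail: when qemu-img is invoked without `-f`, it probes the file and trusts a QCOW header a tenant wrote into what should be a raw disk. The following is an added example, not OpenStack or QEMU code; it assumes raw-backed instance disks, that the fix is to pin the source format (`-f raw`) on every qemu-img call, and adds a defensive probe for the QCOW magic as a second line of defence. The fake disk images and the backing-file path are constructed for the demonstration.

```python
"""Detect a QCOW/QCOW2 header smuggled into a raw disk, and build the
hardened qemu-img invocation. Added example, not Nova or QEMU code."""
import os
import struct
import tempfile

QCOW_MAGIC = b"QFI\xfb"   # first four bytes of every QCOW and QCOW2 header


def probe_qcow_header(path):
    """Return {'version', 'backing_file'} if the file starts with a QCOW
    magic, else None. Both QCOW (v1) and QCOW2 (v2/v3) keep the backing
    file offset at byte 8 (u64 BE) and its length at byte 16 (u32 BE);
    the backing file is what an auto-detecting qemu-img would open."""
    with open(path, "rb") as fh:
        head = fh.read(20)
        if len(head) < 20 or head[:4] != QCOW_MAGIC:
            return None
        version = struct.unpack(">I", head[4:8])[0]
        bf_off, bf_len = struct.unpack(">QI", head[8:20])
        backing = None
        if bf_off and 0 < bf_len < 4096:          # a real name is short
            fh.seek(bf_off)
            backing = fh.read(bf_len).decode("utf-8", "replace")
    return {"version": version, "backing_file": backing}


def qemu_img_resize_argv(disk, size, fmt="raw"):
    """Hardened form: the source format is always given explicitly."""
    return ["qemu-img", "resize", "-f", fmt, disk, size]


def check_raw_disk_before_resize(disk, size="+1G"):
    """Refuse to touch a raw-backed disk whose first bytes form a QCOW
    header; otherwise return the pinned-format argv."""
    info = probe_qcow_header(disk)
    if info is not None:
        raise ValueError(
            f"{disk}: raw disk starts with a QCOW v{info['version']} header "
            f"(backing file {info['backing_file']!r}); refusing to resize"
        )
    return qemu_img_resize_argv(disk, size)


def write_fake_qcow2_raw_disk(path, backing="/etc/passwd"):
    """Constructed sample: a 1 MiB 'raw' disk whose first bytes are a
    QCOW2 v3 header (104 bytes) naming an arbitrary host file as backing."""
    name = backing.encode()
    header = QCOW_MAGIC + struct.pack(">I", 3)          # magic, version
    header += struct.pack(">QI", 104, len(name))         # backing offset/len
    header += struct.pack(">I", 16)                      # cluster_bits
    header += struct.pack(">Q", 64 * 1024 * 1024)        # virtual size
    header = header.ljust(104, b"\0") + name             # name at offset 104
    with open(path, "wb") as fh:
        fh.write(header.ljust(1 << 20, b"\0"))
    return path


def write_benign_raw_disk(path):
    """Constructed sample: a raw disk that starts like an MBR, not a QCOW."""
    with open(path, "wb") as fh:
        fh.write(b"\xeb\x63\x90" + b"\0" * ((1 << 20) - 3))
    return path


def demo():
    """Build one benign and one booby-trapped raw disk and run the check."""
    d = tempfile.mkdtemp()
    benign = write_benign_raw_disk(os.path.join(d, "benign.raw"))
    evil = write_fake_qcow2_raw_disk(os.path.join(d, "evil.raw"))
    out = {
        "benign_info": probe_qcow_header(benign),
        "evil_info": probe_qcow_header(evil),
        "benign_argv": check_raw_disk_before_resize(benign),
    }
    try:
        check_raw_disk_before_resize(evil)
        out["evil_result"] = "accepted"
    except ValueError as exc:
        out["evil_result"] = str(exc)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The probe is not a substitute for pinning the format: qemu-img's auto-detection can be steered by more than the magic at offset 0, so the `-f raw` argument is the actual fix and the probe merely gives you a log line when a tenant tries it.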
OSV
added 2026/02/18 2:47 p.m.

CLSA-2026-1771241609 kernel: Fix of 13 CVEs

- vsock: Do not allow binding to VMADDR_PORT_ANY (CVE-2025-38618)
- cnic: Fix use-after-free bugs in cnic_delete_task (CVE-2025-39945)
- scsi: bfa: Double-free fix (CVE-2025-38699)
- pptp: ensure minimal skb length in pptp_xmit (CVE-2025-38574)
- ipv6: reject malicious packets in ipv6_gso_segment (CVE-2025-38572)
- ...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00295
Exploits: 0 | References: 1
Fedora
added 2026/02/18 4:26 a.m.

[SECURITY] Fedora 43 Update: python-pillow-11.3.0-7.fc43

Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (Tk interface), qt (PIL image wrapper for Qt), devel (developmen...

CVSS: 8.6 | AI score: 5.5 | EPSS: 0.0037
Exploits: 1