CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23037 matches found

Cvelist•added 2026/05/18 12:0 a.m.•36 views

CVE-2026-38719

OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format CPF parser, specifically in CreateCommonPacketFormatStructure in source/src/enetencap/cpf.c. A crafted ENIP/CPF message can supply an attacker-controlled itemcount value that is not consistently...

0.00114EPSS

Exploits0References2

EUVD•added 2026/05/18 12:0 a.m.•10 views

EUVD-2026-30780

6.2CVSS5.8AI score0.00114EPSS

Exploits0References2

Positive Technologies•added 2026/05/18 12:0 a.m.•8 views

PT-2026-41681

OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format CPF parser, specifically in CreateCommonPacketFormatStructure in source/src/enet encap/cpf.c. A crafted ENIP/CPF message can supply an attacker-controlled item count value that is not consistently...

5.8AI score0.00114EPSS

Exploits0References3

Vulnrichment•added 2026/05/18 12:0 a.m.•6 views

CVE-2026-38719

5.8AI score0.00114EPSS

Exploits0References2

ATTACKERKB•added 2026/05/18 12:0 a.m.•2 views

CVE-2026-38719

6.2CVSS5.8AI score0.00114EPSS

Exploits0References3

CNNVD•added 2026/05/18 12:0 a.m.•7 views

OpENer 缓冲区错误漏洞

OpENer is an open-source industrial Ethernet protocol stack developed by the EIP Stack Group, supporting connections for I/O devices. Version OpENer v2.3-558-g1e99582 contains a buffer error vulnerability. This vulnerability stems from an out-of-bounds read in the CreateCommonPacketFormatStructur...

6.2CVSS6AI score0.00114EPSS

Exploits0References1

Positive Technologies•added 2026/05/18 12:0 a.m.•13 views

PT-2026-41781

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A missing check in the MNG coder allows for reading more images than the list limit policy permits, which can lead to excessive resource consumption...

5.3CVSS5.8AI score0.00403EPSS

Exploits0References38

GithubExploit•added 2026/05/17 1:54 p.m.•77 views

XSS-Payload-Generator

XSS-Payload-Generator user guide 0. This script is an XSS payl...

5.9AI score

Exploits0

Snyk•added 2026/05/17 1:28 a.m.•12 views

NULL Pointer Dereference

Overview qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to NULL Pointer Dereference in the stringify function, when processing arrays with the options arrayFormat: 'comma' and encodeValuesOnly: true that contain nu...

6.9CVSS5.9AI score0.00267EPSS

Exploits0References2

Snyk•added 2026/05/17 1:28 a.m.•7 views

NULL Pointer Dereference

Overview org.webjars.npm:qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to NULL Pointer Dereference in the stringify function, when processing arrays with the options arrayFormat: 'comma' and encodeValuesOnly: true...

6.9CVSS5.9AI score0.00267EPSS

Exploits0References2

NVD•added 2026/05/17 12:16 a.m.•20 views

CVE-2026-8723

Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...

6.3CVSS0.00267EPSS

Exploits0References2

OSV•added 2026/05/17 12:16 a.m.•4 views

UBUNTU-CVE-2026-8723

6.3CVSS5.9AI score0.00267EPSS

Exploits0References4

UbuntuCve•added 2026/05/17 12:16 a.m.•6 views

CVE-2026-8723

6.3CVSS5.9AI score0.00267EPSS

Exploits0References3

CNNVD•added 2026/05/17 12:0 a.m.•7 views

qs 代码问题漏洞

QS is a JavaScript library developed by Jordan Harband. Versions of QS from 6.11.1 to 6.15.2 had code vulnerabilities. This vulnerability occurred when calling qs.stringify on an array containing null or undefined, with arrayFormat set to comma and encodeValuesOnly set to true. This resulted in a...

6.3CVSS5.9AI score0.00267EPSS

Exploits0References1

Tenable Nessus•added 2026/05/17 12:0 a.m.•7 views

Fedora 42 : coturn (2026-dfa8ea5809)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-dfa8ea5809 advisory. Coturn 4.11.0 - Fix prometheus response memory leak introduced in 4.10.0 - Use constant-time compare for STUN MESSAGE-INTEGRITY HMAC - Fix format-string...

5.8AI score

Exploits0References1

ATTACKERKB•added 2026/05/16 11:21 p.m.•9 views

CVE-2026-8723

6.3CVSS5.9AI score0.00267EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/05/16 11:21 p.m.•51 views

CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly

6.3CVSS0.00267EPSS

Exploits0References2

CVE•added 2026/05/16 11:21 p.m.•16 views

CVE-2026-8723

The CVE describes a bug in the qs library where tstringifying an object with arrayFormat: 'comma' and encodeValuesOnly: true fails if an array contains null or undefined. The failure is a synchronous TypeError caused by missing null guard in the encoding path: the code maps values with the encode...

6.3CVSS5.9AI score0.00267EPSS

Exploits0References2

Vulnrichment•added 2026/05/16 11:21 p.m.•16 views

CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly

6.3CVSS5.9AI score0.00267EPSS

Exploits0References2