CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•0 views

Astra Linux - уязвимость в u-boot

A issue was discovered in Das U-Boot during the period from 2019.07. There is an unbounded memcpy operation when parsing a UDP packet, due to an underflow of the netprocessreceivedpacket integer during the udppackethandler call...

9.8CVSS7.1AI score0.00633EPSS

EUVD•added 2026/05/20 12:31 a.m.•15 views

EUVD-2025-209901

Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the resethandler parameter during firmware flashing. An attacker can provide a crafted resethandler address pointing to invalid memory or...

Redos•added 2026/05/20 12:0 a.m.•9 views

ROS-20260520-73-0017

A vulnerability in the JavaScript script handler V8 of Google Chrome and Microsoft Edge browsers is related to writing outside buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

8.8CVSS5.9AI score0.00052EPSS

Exploits0

CNNVD•added 2026/05/20 12:0 a.m.•8 views

haveged 安全漏洞

Haveged is a random number generation tool developed by Jirka-H. Haveged has a security vulnerability; this vulnerability stems from the sockethandler function not stopping its execution when it detects that the connection user is not a root user. This allows any local non-privileged user to...

7.8CVSS6AI score0.00004EPSS

Tenable Nessus•added 2026/05/20 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-8213

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the...

5.5CVSS5.4AI score0.0001EPSS

Exploits1References3

CNNVD•added 2026/05/20 12:0 a.m.•6 views

WordPress plugin Anomify AI 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.9AI score0.00023EPSS

Exploits0References1

Redos•added 2026/05/20 12:0 a.m.•5 views

ROS-20260520-73-0004

A vulnerability in the V8 JavaScript script handler of Google Chrome and Microsoft Edge browsers is related to improper code generation control. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page...

8.8CVSS7.5AI score0.03241EPSS

Exploits0

NVD•added 2026/05/19 10:16 p.m.•10 views

CVE-2026-34234

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution RCE because it performs the install.lock check only after including and executing form handler...

10CVSS0.00091EPSS

Exploits2References2

NVD•added 2026/05/19 10:16 p.m.•9 views

CVE-2025-15645

5.1CVSS0.00023EPSS

Vulnrichment•added 2026/05/19 9:41 p.m.•3 views

CVE-2025-15645 Ledger Nano X, Flex, Stax MCU Firmware Update Denial of Service

ATTACKERKB•added 2026/05/19 9:41 p.m.•3 views

CVE-2025-15645

Cvelist•added 2026/05/19 9:41 p.m.•26 views

CVE-2025-15645 Ledger Nano X, Flex, Stax MCU Firmware Update Denial of Service

5.1CVSS0.00023EPSS

CVE•added 2026/05/19 9:41 p.m.•11 views

CVE-2025-15645

The CVE-2025-15645 affects Ledger Nano X, Flex, and Stax MCU firmware updater. The vulnerability is a denial-of-service in the MCU firmware update process caused by missing validation of the reset_handler parameter during firmware flashing. An attacker could supply a crafted reset_handler address...

EUVD•added 2026/05/19 9:3 p.m.•10 views

EUVD-2026-30984

10CVSS6.2AI score0.00091EPSS

Exploits2References2

CVE•added 2026/05/19 9:3 p.m.•25 views

CVE-2026-34234

CVE-2026-34234 affects CtrlPanel (open-source hosting-provider billing) versions up to 1.1.1. The web installer at public/installer/index.php executes form handlers before install.lock gating and uses unsanitized user input in shell commands, enabling unauthenticated RCE. A PoC demonstrates a cra...

10CVSS6.2AI score0.00091EPSS

In wildExploits2References2

Vulnrichment•added 2026/05/19 9:3 p.m.•9 views

CVE-2026-34234 CtrlPanel: Unauthenticated RCE using installer script

10CVSS6.2AI score0.00091EPSS

Exploits2References2

RedHat Linux•added 2026/05/19 6:28 p.m.•8 views

cpython: Header injection via newlines in data URL mediatype in Python

Missing newline filtering has been discovered in Python. User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...

6CVSS7.2AI score0.00052EPSS

Exploits0References7

OSV•added 2026/05/19 3:53 p.m.•2 views

GHSA-W4VJ-R5PG-3722 Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write)

Summary The screenshot/print proxy /proxy?data=… maintains a package-level assets mapstringMessageAssets cache, but reads the map without holding assetsMutex while a long-running cleanup goroutine and re-entrant CSS-rewriting code path concurrently write to it under the lock. When the...

5.9CVSS5.9AI score0.00091EPSS