CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added last week•4 views

Astra Linux – Vulnerability in Thunderbird

When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text is never displayed to the user. This is because the text is interpreted as a MIME message, and the first paragraph is always treated as part of an email header section. A digitally signed text...

4.3CVSS6.2AI score0.00633EPSS

AstraLinux•added last week•6 views

Astra Linux – Vulnerability in qtbase-opensource-src

A issue was discovered in Qt before version 5.15.14, in versions 6.x before 6.2.9, and in versions 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security HSTS header, allowing unencrypted connections to be established, even when such connections are explicit...

5.3CVSS5.6AI score0.00875EPSS

AstraLinux•added last week•5 views

Astra Linux - Vulnerability in Golang-1.19

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate significantly more memory than is...

7.5CVSS6.3AI score0.01888EPSS

Exploits0References1

Positive Technologies•added 2026/06/19 12:0 a.m.•10 views

PT-2026-51098

Name of the Vulnerable Software and Affected Versions py7zr versions prior to 1.1.3 Description A denial of service issue exists where a crafted .7z archive with a large numstreams value causes excessive CPU consumption. This occurs because the PackInfo. read function in archiveinfo.py uses an On...

6.9CVSS5.9AI score

Exploits0References8

SUSE CVE•added 2026/06/17 2:20 a.m.•7 views

SUSE CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

7.5CVSS5.3AI score0.00329EPSS

Exploits1References3

NVD•added 2026/06/15 8:16 p.m.•12 views

CVE-2026-53703

A vulnerability was found in the GStreamer RealMedia demuxer gst-plugins-ugly. When processing a RealMedia .rm file, the demuxer parses MDPR media properties chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sampl...

7.1CVSS0.00191EPSS

Cvelist•added 2026/06/15 7:10 p.m.•27 views

CVE-2026-53703 Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer audio stream header parser

7.1CVSS0.00191EPSS

Cvelist•added 2026/06/15 7:10 p.m.•28 views

CVE-2026-52721 Gstreamer1-plugins-bad-free: gstreamer: multiple out-of-bounds reads in pcapparse ipv4/tcp header parsing

Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could...

5.3CVSS0.00107EPSS

Vulnrichment•added 2026/06/15 7:10 p.m.•5 views

CVE-2026-52721 Gstreamer1-plugins-bad-free: gstreamer: multiple out-of-bounds reads in pcapparse ipv4/tcp header parsing

5.3CVSS5.5AI score0.00107EPSS

Tenable Nessus•added 2026/06/15 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53703

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in the GStreamer RealMedia demuxer gst-plugins-ugly. When processing a RealMedia .rm file, the demuxer parses MDPR media properties...

7.1CVSS6AI score0.00191EPSS

NVD•added 2026/06/12 7:16 p.m.•10 views

CVE-2026-47138

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1, an unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains...

8.7CVSS0.00584EPSS

EUVD•added 2026/06/12 6:22 p.m.•8 views

EUVD-2026-36535

8.7CVSS5.2AI score0.00584EPSS

OSV•added 2026/06/11 10:44 a.m.•5 views

EEF-CVE-2026-53423 Unauthenticated denial-of-service via BEAM atom table exhaustion in membrane_mp4_plugin

Summary Allocation of Resources Without Limits or Throttling vulnerability in membraneframework membrane\mp4\plugin allows unauthenticated denial-of-service via BEAM atom table exhaustion. The MP4 box header parser converts each 4-byte box name to an atom using String.to\atom/1 without validation...

5.9CVSS5.5AI score0.00126EPSS

RedHat Linux•added 2026/06/10 8:29 p.m.•5 views

undertow: Undertow: Request smuggling via inconsistent header parsing

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks,...

9.1CVSS5.4AI score0.00704EPSS

RedHat Linux•added 2026/06/10 8:25 p.m.•6 views

undertow: Undertow: Request smuggling via inconsistent header parsing

9.1CVSS5.4AI score0.00704EPSS