CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/04/27 12:0 a.m.•1 views

EUVD-2026-25899

A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://:554/stream1/track2, the device fails to properly validate the Transport header field. When this header is...

5.3AI score0.00035EPSS

Exploits1References1

Tenable Nessus•added 2026/04/27 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-42037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.1, the FormDataPart constructor in lib/helpers/formDataToStream.js...

5.3CVSS6AI score0.00096EPSS

Exploits1References4

Tenable Nessus•added 2026/04/27 12:0 a.m.•4 views

MiracleLinux 8 : dotnet9.0-9.0.116-1.el8_10 (AXSA:2026-500:08)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-500:08 advisory. dotnet: .NET: Security Bypass and Denial of Service Vulnerability CVE-2026-26171 dotnet: .NET: Denial of Service via stack overflow CVE-2026-32203...

7.5CVSS6.4AI score0.08014EPSS

CNNVD•added 2026/04/27 12:0 a.m.•7 views

Apache Camel 代码问题漏洞

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern, and routing and mediation rules are configured through...

9.4CVSS5.9AI score0.00326EPSS

Exploits0References1

CNNVD•added 2026/04/27 12:0 a.m.•7 views

Apache Camel 安全漏洞

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern and allows routing and mediation rules to be configured...

9.9CVSS6.3AI score0.00228EPSS

Exploits2References1

NVD•added 2026/04/26 8:16 a.m.•3 views

CVE-2026-7025

A vulnerability was found in Typecho up to 1.3.0. This vulnerability affects the function Service::sendPingHandle of the file var/Widget/Service.php of the component Ping Back Service Endpoint. The manipulation of the argument X-Pingback/link results in server-side request forgery. The attack may...

7.5CVSS0.00054EPSS

Microsoft CVE•added 2026/04/26 8:8 a.m.•2 views

netfilter: ip6t_eui64: reject invalid MAC header for all packets

...

9.4CVSS5.8AI score0.00122EPSS

Exploits0

ATTACKERKB•added 2026/04/26 7:0 a.m.•2 views

CVE-2026-7025

7.5CVSS7AI score0.00054EPSS

CVE•added 2026/04/26 5:45 a.m.•8 views

CVE-2026-7022

CVE-2026-7022 affects SmythOS sre up to 0.0.15. The vulnerability lies in the HTTP Header Handler’s AgentRuntime function (packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts), where manipulation of the arguments X-DEBUG-RUN/X-DEBUG-INJ enables improper authentication. The issue allow...

Vulnrichment•added 2026/04/26 5:45 a.m.•2 views

CVE-2026-7022 SmythOS sre HTTP Header AgentRuntime.class.ts AgentRuntime improper authentication

A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...

EUVD•added 2026/04/26 5:45 a.m.•6 views

EUVD-2026-25697

Cvelist•added 2026/04/26 5:45 a.m.•29 views

CVE-2026-7022 SmythOS sre HTTP Header AgentRuntime.class.ts AgentRuntime improper authentication

7.5CVSS0.00105EPSS

SUSE CVE•added 2026/04/26 1:52 a.m.•4 views

SUSE CVE-2026-31684

In the Linux kernel, the following vulnerability has been resolved: net: sched: actcsum: validate nested VLAN headers tcfcsumact walks nested VLAN headers directly from skb-data when an skb still carries in-payload VLAN tags. The current code reads vlan-hvlanencapsulatedproto and then pulls...

6.5CVSS5.5AI score0.00015EPSS

Exploits0References19

SUSE CVE•added 2026/04/26 1:52 a.m.•6 views

SUSE CVE-2026-31685

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6teui64: reject invalid MAC header for all packets eui64mt6 derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address. The existing guard only rejects ...

7.4CVSS5.5AI score0.00122EPSS

Exploits0References27

Positive Technologies•added 2026/04/26 12:0 a.m.•3 views

PT-2026-35206

7.5CVSS7AI score0.00054EPSS

CNNVD•added 2026/04/26 12:0 a.m.•6 views

SmythOS 授权问题漏洞

SmythOS is an open-source infrastructure for the execution and development of AI agents. Versions of SmythOS 0.0.15 and earlier contained vulnerabilities related to authorization. These vulnerabilities stemmed from the handling of X-DEBUG-RUN/X-DEBUG-INJ parameters in the AgentRuntime function...

7.5CVSS7.3AI score0.00105EPSS

Exploits0References2

Positive Technologies•added 2026/04/26 12:0 a.m.•2 views

PT-2026-35203

NVD•added 2026/04/25 7:16 p.m.•2 views

CVE-2026-6994

A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/headermutation/headermutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patch...

6.5CVSS0.00056EPSS