CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

59 matches found

CVE-2026-46913

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Installation Security. Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where JD Edwards...

9.3CVSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в python-pip

When installing a package from a Mercurial VCS URL e.g., “pip install hg+…” using pip before version 23.3, the specified Mercurial revision could be used to inject arbitrary configuration options into the “hg clone” call e.g., “--config”. Controlling the Mercurial configuration allows modifying t...

5.5CVSS6.8AI score0.00476EPSS

Exploits0References2

Vulnrichment•added 2026/04/20 2:55 p.m.•2 views

CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...

4.6CVSS5.7AI score0.00144EPSS

Exploits0References2

OSV•added 2026/02/11 7:17 p.m.•4 views

OPENSUSE-SU-2026:20202-1 Security update for python-pip

This update for python-pip fixes the following issues: - CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives bsc1257599...

2CVSS5.8AI score0.0039EPSS

Exploits1References2

RedhatCVE•added 2026/01/09 11:43 a.m.•7 views

CVE-2010-0834

The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute...

9.3CVSS8AI score0.02715EPSS

Exploits0References1

Snyk•added 2026/01/05 8:25 p.m.•1 views

Use of Hard-coded Credentials

Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the interactive installer process. An attacker can gain unauthorized remote access to the host system by exploiting the default administrative credentials over SSH before the password is reset. This is...

9.8CVSS7.1AI score0.00473EPSS

Exploits0References2