CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added last week•6 views

CVE-2026-42579

A flaw was found in Netty. Netty's DNS Domain Name System codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the...

9.1CVSS6.9AI score0.00032EPSS

Exploits1References4

Tenable Nessus•added 2026/05/28 12:0 a.m.•10 views

Atlassian Confluence 8.9.0 < 9.2.20 / 9.3.1 < 10.2.11 (CONFSERVER-103712)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-103712 advisory. - This injection vulnerability allows an unauthenticated attacker to modify the actions taken by a system call which has no impact to...

7.5CVSS6.6AI score0.00091EPSS

Tenable Nessus•added 2026/05/28 12:0 a.m.•7 views

Atlassian Jira Service Management Data Center and Server 5.15.2 < 10.3.18 / 10.4.0 < 11.3.5 (JSDSERVER-16578)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16578 advisory. - This File Inclusion vulnerability allows an unauthenticated attacker to get the application to displ...

7.1CVSS6.8AI score0.00008EPSS

Exploits1References2

RedHat Linux•added 2026/05/27 10:1 a.m.•10 views

OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

2.5CVSS5.8AI score0.00015EPSS

Exploits0References7

NVD•added 2026/05/27 9:16 a.m.•13 views

CVE-2026-40828

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can...

7CVSS0.00043EPSS

ATTACKERKB•added 2026/05/27 7:53 a.m.•5 views

CVE-2026-40828

Exploits0References2Affected Software4

EUVD•added 2026/05/27 7:53 a.m.•6 views

EUVD-2026-32156

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can resu...

CVE•added 2026/05/27 7:52 a.m.•9 views

CVE-2026-40825

CVE-2026-40825 describes an unauthenticated SQL Injection in the accountstatus view devices parameter. The vulnerability arises from improper neutralization of special elements in a SQL UPDATE command, enabling reading the entire database and altering values in a non-critical table. Reported impa...

ATTACKERKB•added 2026/05/27 7:50 a.m.•5 views

CVE-2026-40823

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can resu...

Exploits0References2Affected Software4

EUVD•added 2026/05/27 7:18 a.m.•9 views

EUVD-2025-209952

The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root...

8.8CVSS6.4AI score0.0003EPSS

RedhatCVE•added 2026/05/25 11:32 p.m.•9 views

CVE-2026-9365

A flaw was found in Ettercap. A remote attacker could exploit a heap-based buffer overflow vulnerability in the GG Dissector component by manipulating the gg argument within the FUNCDECODER function. This could lead to information disclosure, integrity impact, and availability impact. The attack...

6.3CVSS6.3AI score0.00076EPSS

RedhatCVE•added 2026/05/21 1:16 p.m.•4 views

CVE-2026-44056

A flaw was found in Netatalk. A remote attacker with low privileges could exploit a stack buffer overflow vulnerability in the desktop.c component. This could lead to a denial of service DoS, making the service unavailable, and potentially result in limited information disclosure or integrity...

6.4CVSS5.9AI score0.00102EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в postgresql-11

A flaw was discovered in PostgreSQL versions prior to 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20, and before 9.5.24. An attacker who has permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The...

8.8CVSS7.4AI score0.23757EPSS

Cvelist•added 2026/05/18 9:36 a.m.•35 views

CVE-2026-41119

Dell Live Optics Windows and Personal Edition collectors contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to loss of confidentiality and integrity...

6.8CVSS0.00015EPSS

NVD•added 2026/05/15 3:16 a.m.•6 views

CVE-2025-48516

Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module...

6.9CVSS0.00015EPSS

Cvelist•added 2026/05/15 1:52 a.m.•29 views

CVE-2025-29936

Improper input validation within the AMD Platform Management Framework PMF could allow an attacker to unmap arbitrary memory pages potentially impacting integrity and availability, or allowing privilege escalation resulting in loss of confidentiality...

8.4CVSS0.00032EPSS