42261 matches found
GnuTLS Security Vulnerability
GnuTLS is a free, open-source secure communications library, developed by GnuTLS, that implements the SSL, TLS, and DTLS protocols. GnuTLS has a security vulnerability that stems from a single-bit error in the bounds checking of PKCS12 package elements. This vulnerability could...
PT-2026-43441
Name of the Vulnerable Software and Affected Versions: netty incubator codec.bhttp versions prior to 0.0.21.Final. Description: The HKDF expand function returns a non-NULL byte array filled with zeros upon failure, making it impossible to distinguish between a successful operation and a failure. Thi...
TencentOS Server 3: git-lfs (TSSA-2026:0380)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0380 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
PT-2026-43319
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: The getInstance function within the InputFilter class fails to include a security-sensitive parameter when generating the instance cache key. Recommendations: At...
PT-2026-43378
code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...
PT-2026-43235
The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disruption of VPN-related functionality)...
Linux Distros Unpatched Vulnerability : CVE-2026-48850
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - PuTTY 0.72 before 0.84 has a double free in RSA KEX. (CVE-2026-48850) Note that Nessus relies on the presence of the package as reported by the vendor...
PT-2026-47002
A flaw was found in gnutls. A use after free issue in client sending key share extension may lead to memory corruption and other consequences...
TencentOS Server 3: grafana (TSSA-2026:0374)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0374 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2026-27172
A flaw was found in the camel-consul component of Apache Camel. An attacker with write access to the Consul Key-Value (KV) store could inject a malicious serialized Java object. When Apache Camel's ConsulRegistry deserializes this object, it can lead to arbitrary code execution within the Camel...
Open Redirect
Overview: Affected versions of this package are vulnerable to Open Redirect in handling shiroSavedRequest cookies, which use unprotected/unencrypted values for SAVEDREQUESTKEY. An authenticated user can cause the server to make blind HTTP GET requests to arbitrary URLs or redirect users to untrust...
CVE-2026-48850
PuTTY 0.72 before 0.84 has a double free in RSA KEX...
DEBIAN-CVE-2026-48850
PuTTY 0.72 before 0.84 has a double free in RSA KEX...
UBUNTU-CVE-2026-48850
PuTTY 0.72 before 0.84 has a double free in RSA KEX...
CVE-2026-48850
PuTTY 0.72 before 0.84 contains a double free in RSA KEX (CVE-2026-48850). Affected: PuTTY 0.72–0.83. Root cause: memory management error during RSA key exchange. Impact: availability impact described as High by CVE data; other impact not indicated. Exploitation status is not provided in the docu...
EUVD-2026-31729
PuTTY 0.72 before 0.84 has a double free in RSA KEX...