CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per indexe...

7.5CVSS5.7AI score0.00053EPSS

Exploits0References1

OSV•added 5 days ago•3 views

MINI-WHC6-53W4-MQJV

Bulletin has no description...

5.6CVSS6.7AI score0.00203EPSS

Exploits1

OSV•added 5 days ago•4 views

DEBIAN-CVE-2026-50260

A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter. A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for...

7.8CVSS5.4AI score0.00012EPSS

Exploits0References1

OSV•added 6 days ago•3 views

MINI-2H5P-3767-MXJV

Bulletin has no description...

6.3CVSS5.7AI score0.00034EPSS

Exploits0

OSV•added 6 days ago•2 views

MINI-XHG3-PRJ8-8C9R

Bulletin has no description...

6.5CVSS6.1AI score0.00275EPSS

Exploits0

OSV•added 2026/05/27 4:12 p.m.•3 views

MINI-X94H-5V25-3C84

Bulletin has no description...

7.5CVSS5.7AI score0.0007EPSS

Exploits0

OSV•added 2026/05/27 3:16 p.m.•5 views

DEBIAN-CVE-2026-45022

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose...

7.5CVSS5.8AI score0.00006EPSS

Exploits0References1

OSV•added 2026/05/11 6:17 a.m.•1 views

MINI-X6M2-J968-7C5X

Bulletin has no description...

7.5CVSS5.7AI score0.0002EPSS

Exploits0

OSV•added 2026/05/06 12:16 p.m.•0 views

DEBIAN-CVE-2026-43130

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode Commit 4fc82cd907ac "iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected" relies on pcidevisdisconnected to skip ATS...

5.5CVSS5.7AI score0.00015EPSS

Exploits0References1

OSV•added 2026/04/05 6:23 p.m.•0 views

MINI-VGC9-M7CX-6GJ4

Bulletin has no description...

7.5CVSS5.8AI score0.00018EPSS

Exploits0

OSV•added 2026/03/26 6:8 a.m.•2 views

BELL-CVE-2026-23312

Bulletin has no description...

5.5CVSS5.8AI score0.00037EPSS

Exploits0References1

OSV•added 2026/03/13 6:50 a.m.•2 views

ECHO-2738-AEB3-E4E1

Bulletin has no description...

6.8CVSS5.7AI score0.00019EPSS

Exploits0References1

OSV•added 2026/02/14 5:15 p.m.•2 views

DEBIAN-CVE-2026-23201

In the Linux kernel, the following vulnerability has been resolved: ceph: fix oops due to invalid pointer for kfree in parselongname This fixes a kernel oops when reading ceph snapshot directories .snap, for example by simply running ls /mnt/myceph/.snap. The variable str is guarded by freekfree,...

5.5CVSS5.2AI score0.00017EPSS

Exploits0References1

OSV•added 2026/02/04 8:42 a.m.•0 views

BELL-CVE-2025-71189

Bulletin has no description...

5.5CVSS4.9AI score0.00009EPSS

Exploits0References1

OSV•added 2026/01/29 12:49 a.m.•1 views

CGA-W6FJ-XRHF-QQ4M

Bulletin has no description...

8.8CVSS7.3AI score0.00431EPSS

Exploits1

OSV•added 2026/01/29 12:48 a.m.•2 views

CGA-XRJC-8JC2-9H2C

Bulletin has no description...

7.5CVSS5.8AI score0.00183EPSS

Exploits1

OSV•added 2026/01/20 9:16 p.m.•1 views

DEBIAN-CVE-2025-55130

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

9.1CVSS7.8AI score0.00016EPSS

Exploits2References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by