CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

170348 matches found

OSV•added 2026/06/17 5:16 p.m.•6 views

DEBIAN-CVE-2026-12151

Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...

7.5CVSS5.3AI score0.0046EPSS

Exploits0References1

OSV•added 2026/06/17 5:16 p.m.•7 views

UBUNTU-CVE-2026-12151

7.5CVSS5.9AI score0.0046EPSS

Exploits0References3

Debian CVE•added 2026/06/17 4:56 p.m.•5 views

CVE-2026-9679

Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into their literal byte equivalents. RFC 6265 §5.4 does not specify any decoding and browsers do not decode either. Applications that parse a...

5.9CVSS5.5AI score0.00257EPSS

Exploits0

OSV•added 2026/06/17 4:50 p.m.•3 views

CGA-VHHH-3GGV-2X45

Bulletin has no description...

8.2CVSS5AI score0.00228EPSS

Exploits0

OSV•added 2026/06/17 4:50 p.m.•5 views

CGA-MXWC-VWW2-3Q6Q

Bulletin has no description...

3.1CVSS5AI score0.00106EPSS

Exploits0

OSV•added 2026/06/17 4:50 p.m.•5 views

CGA-H3VR-468G-VFG2

Bulletin has no description...

5.3CVSS4.8AI score0.00306EPSS

Exploits1

Cvelist•added 2026/06/17 4:42 p.m.•15 views

CVE-2026-48591 Stored XSS via unescaped HTML attribute values in earmark

Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform':makeatt1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal " bytes: ...

4.8CVSS0.00133EPSS

Exploits0References2