CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1421 matches found

Positive Technologies•added 2026/05/29 12:0 a.m.•3 views

PT-2026-47573

Impact Stigmem nodes with federation enabled could be configured to run without mTLS outside loopback-only local development. In affected deployments, federation traffic may traverse the network without the intended transport protection. Impacted users are operators who enabled federation and...

9.1CVSS5.4AI score

Exploits0References3

Positive Technologies•added 2026/05/29 12:0 a.m.•8 views

PT-2026-45049

Summary PraisonAI's spider tools URL validation can be bypassed using alternate loopback host encodings. The affected component is: text praisonaiagents/tools/spider tools.py The tool contains a URL validation function intended to block local or unsafe targets before fetching attacker-controlled...

5.5CVSS6.2AI score0.00014EPSS

Exploits0References3

Positive Technologies•added 2026/05/29 12:0 a.m.•4 views

PT-2026-47568

Impact Stigmem nodes configured with authentication disabled could grant the anonymous identity broad read/write/federation capabilities if exposed outside a loopback-only local development environment. Impacted users are operators who intentionally disabled authentication while binding the node ...

9.2CVSS5.5AI score

Exploits0References6

CNNVD•added 2026/05/29 12:0 a.m.•9 views

Neotoma 访问控制错误漏洞

Neotoma is a locally prioritized open-source tool developed by Mark Hendrickson as an AI agent for managing state and records across various tools. Versions of Neotoma from 0.6.0 to 0.11.1 contained an access control vulnerability. This vulnerability occurred when the application received request...

6.9CVSS5.8AI score0.00054EPSS

Exploits0References2

NVD•added 2026/05/28 6:16 p.m.•14 views

CVE-2026-45373

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as http://::1, the SSRF defenses do not work. This vulnerability is fixed in 0.8.26...

7.4CVSS0.00032EPSS

Exploits0References3

OSV•added 2026/05/28 11:40 a.m.•3 views

SUSE-SU-2026:21860-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-2058: x86/CPU: Fix FPDSS on Zen1 bsc1243603. - CVE-2024-14027: xattr: switch to CLASSfd bsc1259420. - CVE-2025-40181: x86/kvm: Force legacy PCI hole to UC when...

9.8CVSS6.6AI score0.00355EPSS

Exploits8References455

SUSE CVE•added 2026/05/28 3:52 a.m.•5 views

SUSE CVE-2026-46090

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopbackcheckformat may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa62e3 "ALSA: aloop: Fix...

7.8CVSS5.7AI score0.00013EPSS

Exploits0References3

Positive Technologies•added 2026/05/28 12:0 a.m.•9 views

PT-2026-44369

Roundcube's HTML sanitization path for message rendering allows loopback, localhost, RFC1918, link-local, and ULA URLs even when remote content loading is disabled. A remote attacker can send an HTML email that causes the victim's browser to issue requests to local or private-network services...

4.7CVSS5.8AI score

Exploits0References6

NVD•added 2026/05/27 2:17 p.m.•9 views

CVE-2026-46090

7.8CVSS0.00013EPSS

Exploits0References4

OSV•added 2026/05/27 2:17 p.m.•2 views

UBUNTU-CVE-2026-46090

7.8CVSS5.7AI score0.00013EPSS

Exploits0References3

ATTACKERKB•added 2026/05/27 12:58 p.m.•5 views

CVE-2026-46090

5.7AI score0.00013EPSS

Exploits0References5Affected Software1

EUVD•added 2026/05/27 12:58 p.m.•8 views

EUVD-2026-32473

5.8AI score0.00013EPSS

Exploits0References4

Cvelist•added 2026/05/27 12:58 p.m.•37 views

CVE-2026-46090 ALSA: aloop: Fix peer runtime UAF during format-change stop

7.8CVSS0.00013EPSS

Exploits0References4

Positive Technologies•added 2026/05/27 12:0 a.m.•7 views

PT-2026-43958

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the ALSA loopback driver. The loopback check format function may stop the capture side when playback starts with parameters that do not match a runni...

9.8CVSS5.9AI score0.00254EPSS

Exploits12References280

Positive Technologies•added 2026/05/27 12:0 a.m.•7 views

PT-2026-44130

The LAPI router uses gin-contrib/gzip with DefaultDecompressHandle globally pkg/apiserver/controllers/controller.go. This middleware decompresses incoming request bodies without enforcing a maximum decompressed size. The endpoints /v1/watchers or /v1/watchers/login require no authentication. An...

8.2CVSS5.8AI score0.00074EPSS

Exploits0References3

RedhatCVE•added 2026/05/26 8:14 p.m.•12 views

CVE-2026-47076

Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackneyurl:normalize/2 URL-decodes the host component after the URL has been parsed into a hackneyurl record. OTP's uristring:parse/1 and inet:parseaddress/1 do not decode percent-escapes in the host, so ...

6.9CVSS5.8AI score0.00014EPSS

Exploits1References1

OSV•added 2026/05/26 7:16 a.m.•8 views

MAL-2026-4785 Malicious code in test-nonmal-pkg-5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f52d81c9285fd103cfe5f8dc724c173c1b4e57e96cd56313cec119fbbbc9982 index.js is hex-name-obfuscated 0x-style string array and, on require, enumerates the entire process.env via Object.keysprocess.env into a snapshot...

5.8AI score

Exploits0References1