CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

53164 matches found

RedhatCVE•added 2026/05/11 8:27 p.m.•6 views

CVE-2026-44286

FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery SSRF vulnerability allows attackers or authenticated users with App editing privileges to send arbitrary HTTP requests to internal/private network addresses. The fetchData function i...

2.3CVSS5.9AI score0.00043EPSS

Exploits0References1

RedhatCVE•added 2026/05/11 8:27 p.m.•12 views

CVE-2025-67887

1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privilege...

9.8CVSS6AI score0.00045EPSS

Exploits4References1

GithubExploit•added 2026/05/11 7:41 p.m.•67 views

Exploit for Write-what-where Condition in Linux Linux_Kernel

🔍 Dirty Frag — CVE-2026-43284 / CVE-2026-43500 Detection Scrip...

8.8CVSS6.2AI score0.40266EPSS

Exploits31

CVE•added 2026/05/11 7:12 p.m.•8 views

CVE-2026-6146

CVE-2026-6146 affects Perl module Amazon::Credentials up to version 1.2.0. The root cause is the use of Perl’s built‑in rand to generate encryption keys, with secrets stored in an obfuscated form but not securely encrypted. Prior to 1.3.0, a 64‑bit key derived from rand is used, which is predicta...

5.3CVSS5.8AI score0.00027EPSS

Exploits0References3

RedhatCVE•added 2026/05/11 7:5 p.m.•11 views

CVE-2026-34059

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the ajpparsedata function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially lea...

8.2CVSS5.8AI score0.00118EPSS

Exploits0References4

RedhatCVE•added 2026/05/11 7:5 p.m.•5 views

CVE-2026-34032

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...

8.2CVSS5.8AI score0.00247EPSS

Exploits0References4

RedhatCVE•added 2026/05/11 7:5 p.m.•12 views

CVE-2026-33857

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...

7.5CVSS5.8AI score0.00247EPSS

Exploits0References4

CVE•added 2026/05/11 7:4 p.m.•6 views

CVE-2022-4988

CVE-2022-4988 relates to the Perl package Alien::FreeImage (through version 1.001). The issue is tied to the embedded FreeImage library (version 3.17.0, 2017), which has known vulnerabilities such as CVE-2015-0852 and CVE-2025-65803. The description also notes that the FreeImage library embeds ot...

7.3CVSS5.8AI score0.00061EPSS

Exploits0References6

Github Security Blog•added 2026/05/11 6:31 p.m.•6 views

flash-attention contains an insecure deserialization vulnerability in its checkpoint loading mechanism

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains an insecure deserialization vulnerability CWE-502 in its checkpoint loading mechanism. The loadcheckpoint function in checkpoint.py and the checkpoint loading code in eval.py use...

7.3CVSS6.1AI score0.00047EPSS

Exploits0References4Affected Software1