53174 matches found

OSV
added 2026/05/07 8:16 p.m. | 6 views

DEBIAN-CVE-2026-42501

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (GOSUMDB). A malicious module proxy can serve altered versions o...

CVSS 7.5 | AI score 5.8 | EPSS 0.00008
Exploits: 0 | References: 1
NVD
added 2026/05/07 8:16 p.m. | 8 views

CVE-2026-42501

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (GOSUMDB). A malicious module proxy can serve altered versions o...

CVSS 7.5 | EPSS 0.00008
Exploits: 0 | References: 4
OSV
added 2026/05/07 8:16 p.m. | 2 views

UBUNTU-CVE-2026-42501

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (GOSUMDB). A malicious module proxy can serve altered versions o...

CVSS 7.5 | AI score 5.8 | EPSS 0.00008
Exploits: 0 | References: 8
UbuntuCve
added 2026/05/07 8:16 p.m. | 5 views

CVE-2026-42501

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (GOSUMDB). A malicious module proxy can serve altered versions o...

CVSS 7.5 | AI score 5.8 | EPSS 0.00008
Exploits: 0 | References: 7
OSV
added 2026/05/07 8:7 p.m. | 4 views

MAL-2026-3371 Malicious code in pycacheopt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cf50eae305079227b5283e08547cc201f941624c95e49460c3e6544cdd1e221b The extension module hides code that in specific circumstances executes given code. The malicious action is hidden only in the extension module with the...

AI score 5.9
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2026/05/07 8:7 p.m. | 7 views

Malicious code in pycacheopt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cf50eae305079227b5283e08547cc201f941624c95e49460c3e6544cdd1e221b The extension module hides code that in specific circumstances executes given code. The malicious action is hidden only in the extension module with the...

AI score 5.9
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/07 7:41 p.m. | 9 views

CVE-2026-42501

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (GOSUMDB). A malicious module proxy can serve altered versions o...

AI score 5.8 | EPSS 0.00008
Exploits: 0 | References: 5 | Affected Software: 1
CVE
added 2026/05/07 7:41 p.m. | 17 views

CVE-2026-42501

CVE-2026-42501 affects the Go toolchain download path via untrusted module proxies (GOMODPROXY) or checksum databases (GOSUMDB). The flaw allows a malicious module proxy to bypass checksum database validation when the Go toolchain is downloaded/selected (via GOTOOLCHAIN, go.work, or go.mod toolch...

CVSS 7.5 | AI score 5.8 | EPSS 0.00008
Exploits: 0 | References: 4 | Affected Software: 1
Debian CVE
added 2026/05/07 7:41 p.m. | 6 views

CVE-2026-42501

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (GOSUMDB). A malicious module proxy can serve altered versions o...

CVSS 7.5 | AI score 5.8 | EPSS 0.00008
Exploits: 0
Vulnrichment
added 2026/05/07 7:41 p.m. | 8 views

CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (GOSUMDB). A malicious module proxy can serve altered versions o...

AI score 5.8 | EPSS 0.00008
Exploits: 0 | References: 4
AlpineLinux
added 2026/05/07 7:41 p.m. | 8 views

CVE-2026-42501

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (GOSUMDB). A malicious module proxy can serve altered versions o...

CVSS 7.5 | AI score 5.8 | EPSS 0.00008
Exploits: 0
OSV
added 2026/05/07 7:37 p.m. | 3 views

GHSA-R736-2678-FCRX FacturaScripts vulnerable to stored XSS via product reference in sales/purchases

Summary: A stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales and purchases documents. An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other use...

CVSS 5.4 | AI score 6.1 | EPSS 0.00029
Exploits: 0 | References: 2
OSV
added 2026/05/07 7:33 p.m. | 3 views

GHSA-Q7F2-RV22-2XGR FacturaScripts Vulnerable to Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download

Summary: FacturaScripts is an open-source ERP application. A sensitive information disclosure vulnerability was identified in the Library module's image upload and download pipeline. The application fails to strip EXIF and other embedded metadata from user-uploaded image files before storing them...

CVSS 6.5 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 4
Github Security Blog
added 2026/05/07 7:33 p.m. | 4 views

FacturaScripts Vulnerable to Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download

Summary: FacturaScripts is an open-source ERP application. A sensitive information disclosure vulnerability was identified in the Library module's image upload and download pipeline. The application fails to strip EXIF and other embedded metadata from user-uploaded image files before storing them...

CVSS 6.5 | AI score 7.1 | EPSS 0.00034
Exploits: 0 | References: 4 | Affected Software: 1
Snyk
added 2026/05/07 7:21 p.m. | 6 views

Resources Downloaded over Insecure Protocol

Overview: Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol. Go Vulnerability Report: A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any...

CVSS 7.5 | AI score 5.8 | EPSS 0.00008
Exploits: 0 | References: 3
OSV
added 2026/05/07 7:21 p.m. | 6 views

GO-2026-4984 Malicious module proxy can bypass checksum database in cmd/go

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (GOSUMDB). A malicious module proxy can serve altered versions o...

CVSS 7.5 | AI score 5.8 | EPSS 0.00008
Exploits: 0 | References: 3
RedHat Linux
added 2026/05/07 7:8 p.m. | 4 views

NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled

A flaw was found in NGINX, specifically within the ngx_mail_auth_http_module. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of...

CVSS 8.7 | AI score 5.8 | EPSS 0.00064
Exploits: 0 | References: 5
RedHat Linux
added 2026/05/07 7:8 p.m. | 3 views

NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file

A flaw was found in NGINX Open Source, specifically within the ngx_http_mp4_module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...

CVSS 8.5 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 5
RedhatCVE
added 2026/05/07 6:10 p.m. | 5 views

CVE-2026-42483

A flaw was found in hashcat. A heap-based buffer overflow allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issue affects module_hash_decode in multiple Kerberos-related modules because account_info_len is calculated from untruste...

CVSS 9.8 | AI score 6.3 | EPSS 0.00113
Exploits: 1 | References: 2
OSV
added 2026/05/07 4:17 p.m. | 3 views

JLSEC-2026-464 Mbed TLS might use cloned PSA random generator states

Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG)...

CVSS 7.7 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 2