CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12939 matches found

CNNVD•added 2026/04/28 12:0 a.m.•7 views

Notes MCP server 路径遍历漏洞

Notes MCP Server is a text content collaboration management tool developed by Edvard Lindelof. Versions of Notes MCP Server prior to 0.1.4 contained a path traversal vulnerability. This vulnerability stemmed from incorrect handling of parameters rootdir and path in the notesmcp.py file, which cou...

7.5CVSS7.1AI score0.00066EPSS

Exploits0References2

RedHat Linux•added 2026/04/27 11:24 p.m.•11 views

Important: Red Hat Security Advisory: RHACS 4.8.11 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

9.8CVSS6.7AI score0.0008EPSS

Exploits2References10

RedHat Linux•added 2026/04/27 8:25 p.m.•6 views

Important: Red Hat Security Advisory: RHACS 4.8.11 security and bug fix update

9.8CVSS5.2AI score0.0008EPSS

Exploits2References9

Github Security Blog•added 2026/04/25 11:40 p.m.•6 views

Note Mark: Unauthenticated read of notes and assets in soft-deleted public books

Summary After a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note ID or the slug path retain access. GORM's soft-delete scope does not...

5.3CVSS5.8AI score0.00037EPSS

Exploits0References5Affected Software1

Snyk•added 2026/04/25 11:40 p.m.•0 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the GetNoteByID function. An attacker can access notes and assets from soft-deleted public books by directly querying endpoints with known note IDs or slug paths, even after the book has been deleted. This...

6.9CVSS5.7AI score0.00037EPSS

Exploits0References2

OSV•added 2026/04/25 11:40 p.m.•2 views

GHSA-3GR9-485J-V4XF Note Mark: Unauthenticated read of notes and assets in soft-deleted public books

5.3CVSS5.8AI score0.00037EPSS

Exploits0References5

RedhatCVE•added 2026/04/25 11:34 a.m.•0 views

CVE-2026-6941

A flaw was found in radare2. A local attacker can exploit this path traversal vulnerability by importing a specially crafted .zrp archive. This malicious archive contains a symlinked notes.txt file that bypasses directory confinement checks, allowing the attacker to read or write arbitrary files...

7.8CVSS5.6AI score0.00044EPSS

Exploits1References2

GithubExploit•added 2026/04/25 5:3 a.m.•103 views

Exploit for Observable Timing Discrepancy in Triliumnotes Trilium

CVE-2025-68621 — Trilium Notes Timing Attack on /api/login/sy...

7.4CVSS6.2AI score0.00034EPSS

Exploits2

OSV•added 2026/04/24 9:8 a.m.•2 views

BIT-GITLAB-2025-6016 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service due to insufficient resource allocation limits when retrieving notes under certain...

6.5CVSS5.4AI score0.00032EPSS

Exploits0References4

EUVD•added 2026/04/23 9:31 p.m.•1 views

EUVD-2026-25302

radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a...

6.9CVSS5.9AI score0.00044EPSS

Exploits1References4

NVD•added 2026/04/23 9:16 p.m.•0 views

CVE-2026-6941

7.8CVSS0.00044EPSS

Exploits1References3

AlpineLinux•added 2026/04/23 8:39 p.m.•2 views

CVE-2026-6941

7.8CVSS5.5AI score0.00044EPSS

Exploits1References3

Debian CVE•added 2026/04/23 8:39 p.m.•1 views

CVE-2026-6941

7.8CVSS5.5AI score0.00044EPSS

Exploits1

ATTACKERKB•added 2026/04/23 8:39 p.m.•0 views

CVE-2026-6941

6.9CVSS5.9AI score0.00044EPSS

Exploits1References4

CVE•added 2026/04/23 8:39 p.m.•4 views

CVE-2026-6941

Summary: CVE-2026-6941 affects radare2 prior to 6.1.4 and is a local path traversal in project notes handling. A crafted .zrp archive containing a symlinked notes.txt can bypass directory confinement checks, causing note operations to follow the symlink and read or write files outside the configu...

7.8CVSS5.9AI score0.00044EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2026/04/23 8:39 p.m.•3 views

CVE-2026-6941 radare2 < 6.1.4 Project Notes Path Traversal via Symlink

6.9CVSS5.5AI score0.00044EPSS

Exploits1References3

RedHat Linux•added 2026/04/23 4:7 p.m.•6 views

Important: Red Hat Security Advisory: OpenJDK 17.0.19 Security Update for Portable Linux Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...

8.3CVSS7.2AI score0.00215EPSS

Exploits4References2

Tenable Nessus•added 2026/04/23 12:0 a.m.•1 views

FreeBSD : Gitlab -- vulnerabilities (73b927a6-3ecd-11f1-be20-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 73b927a6-3ecd-11f1-be20-2cf05da270f3 advisory. Gitlab reports: Cross-Site Request Forgery issue in GraphQL API impacts GitLab CE/EE GitLab...

8.1CVSS5.4AI score0.00078EPSS

Exploits0References13