170 matches found

RedhatCVE
added yesterday, 5 views

CVE-2026-43994

A flaw was found in Coturn, an open-source TURN and STUN server. A remote attacker can exploit a stack buffer overflow vulnerability by providing a specially crafted OAuth access token when the server is configured to use --oauth mode. This could lead to arbitrary code execution (RCE), allowing the...

CVSS 8.1, AI score 6.8, EPSS 0.0006
Exploits 0, References 2
Tenable Nessus
added 3 days ago, 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-43994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm(). A uint16_t...

CVSS 8.1, AI score 6.1, EPSS 0.0006
Exploits 0, References 3
Cvelist
added 5 days ago, 16 views

CVE-2026-43994 Coturn: Stack buffer overflow in decode_oauth_token_gcm()

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm(). A uint16_t nonce_len field read from an attacker-supplied OAuth access token (0-65535) is passed directly to memcpy as the copy length into a 256-byte...

CVSS 8.1, EPSS 0.0006
Exploits 0, References 2
CVE
added 5 days ago, 14 views

CVE-2026-43994

CVE-2026-43994 – Coturn: A stack buffer overflow exists in decode_oauth_token_gcm() for versions prior to 4.10.0. A uint16_t nonce_len read from an attacker-controlled OAuth token is passed to memcpy() to copy into a 256-byte buffer without bounds checking, allowing up to 735 bytes of data to ove...

CVSS 8.1, AI score 5.6, EPSS 0.0006
Exploits 0, References 2
Debian CVE
added 5 days ago, 5 views

CVE-2026-43994

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm(). A uint16_t nonce_len field read from an attacker-supplied OAuth access token (0-65535) is passed directly to memcpy as the copy length into a 256-byte...

CVSS 8.1, AI score 6.1, EPSS 0.0006
Exploits 0
ATTACKERKB
added 5 days ago, 5 views

CVE-2026-43994

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm(). A uint16_t nonce_len field read from an attacker-supplied OAuth access token (0-65535) is passed directly to memcpy as the copy length into a 256-byte...

CVSS 8.1, AI score 5.7, EPSS 0.0006
Exploits 0, References 3, Affected Software 1
EUVD
added 2026/06/12 3:08 p.m., 11 views

EUVD-2026-32593

Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection...

CVSS 7.7, AI score 5.2, EPSS 0.00217
Exploits 0, References 2
OSV
added 2026/06/12 3:08 p.m., 3 views

GHSA-G6QX-G4PR-92V7 Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection

Summary: The OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts (line 59) uses a raw fetch(config.url) with no SSRF protection. The safe wrapper fetchWithBlacklist exists in the same codebase and is used in every other outbound HTTP call (automation steps, plugin downloads,...

CVSS 7.7, AI score 5.6, EPSS 0.00217
Exploits 0, References 3
Github Security Blog
added 2026/06/12 3:08 p.m., 13 views

Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection

Summary: The OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts (line 59) uses a raw fetch(config.url) with no SSRF protection. The safe wrapper fetchWithBlacklist exists in the same codebase and is used in every other outbound HTTP call (automation steps, plugin downloads,...

CVSS 7.7, AI score 5.5, EPSS 0.00217
Exploits 0, References 3, Affected Software 1
Vulnrichment
added 2026/06/12 8:52 a.m., 10 views

CVE-2026-50623 Apache CXF: Authentication Bypass in OAuth2 TokenIntrospectionService

An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the security context check, the introspection endpoint /services/oauth2/introspect can be accessed by any unauthenticated network attacker. However note that th...

AI score 5.3, EPSS 0.00435
Exploits 0, References 1
RedhatCVE
added 2026/06/05 7:29 p.m., 8 views

CVE-2026-28735

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL...

CVSS 5.4, AI score 5.5, EPSS 0.00181
Exploits 0, References 1
EUVD
added 2026/06/02 12:31 a.m., 12 views

EUVD-2026-33851

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

CVSS 4.3, AI score 5.8, EPSS 0.00168
Exploits 0, References 3
NVD
added 2026/06/02 12:16 a.m., 12 views

CVE-2026-9048

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

CVSS 4.3, EPSS 0.00168
Exploits 0, References 2
Vulnrichment
added 2026/06/01 11:28 p.m., 11 views

CVE-2026-9048 Slider Revolution 7.0.0 - 7.0.14 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

CVSS 4.3, AI score 5.8, EPSS 0.00168
Exploits 0, References 2
Positive Technologies
added 2026/06/01 12:00 a.m., 9 views

PT-2026-45666

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social...

CVSS 4.3, AI score 5.8, EPSS 0.00168
Exploits 0, References 3
CVE
added 2026/05/27 5:00 p.m., 15 views

CVE-2026-48146

Budibase - CVE-2026-48146: Before 3.39.0, the OAuth2 token fetch in packages/server/src/sdk/workspace/oauth2/utils.ts calls raw fetch(config.url) without SSRF protection, while a safe wrapper fetchWithBlacklist() exists and is used for other outbound calls. This allows a user with BUILDER rights ...

CVSS 7.7, AI score 5.8, EPSS 0.00217
Exploits 0, References 1
Positive Technologies
added 2026/05/27 12:00 a.m., 9 views

PT-2026-44057

Name of the Vulnerable Software and Affected Versions: Budibase versions prior to 3.39.0. Description: The OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses a raw fetch(config.url) call without Server-Side Request Forgery (SSRF) protection. SSRF is a flaw that allows ...

CVSS 7.7, AI score 5.8, EPSS 0.00217
Exploits 0, References 7
OSSF Malicious Packages
added 2026/05/26 1:01 a.m., 11 views

Malicious code in weavedb-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 469844df44557b10f865edf7d3d000fd90c901c6a42cc5402116247dca1528f0 package.json declares "preinstall": "./scripts/postbuild". The referenced file is not a script but a 976,568-byte UPX-packed Linux x86-64 ELF binary...

AI score 5.8
Exploits 0, References 3
OSV
added 2026/05/26 12:35 a.m., 6 views

MAL-2026-4454 Malicious code in @taskd/maritime-email-processor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a5aef29b4050fca18dd803428274de6072ff7412ecd134bd68dcc1f5e8fa150 The package's sole exported function emailProcessor in dist/index.mjs POSTs to a hardcoded endpoint https://job-api.alex-c92.workers.dev, sending the...

AI score 5.8
Exploits 0, References 1
Positive Technologies
added 2026/05/22 12:00 a.m., 7 views

PT-2026-42799

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL...

CVSS 5.4, AI score 5.8, EPSS 0.00181
Exploits 0, References 1