CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2 days ago•4 views

CVE-2026-47324

ProjectsAndPrograms school-management-system is vulnerable to Stored Cross‑Site Scripting XSS in multiple attributes of students and teachers objects. An authorized attacker e.g., a teacher or administrator can inject malicious JavaScript that is subsequently executed in other users’ browsers...

5.1CVSS6.1AI score0.0015EPSS

Exploits0References3Affected Software1

SUSE CVE•added 3 days ago•9 views

SUSE CVE-2026-10532

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection, albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer...

Tenable Nessus•added 3 days ago•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-10532

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection, albe...

EUVD•added 4 days ago•7 views

EUVD-2026-33723

parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A single FormData field whose name begins with...

8.2CVSS5.8AI score0.00045EPSS

NVD•added 4 days ago•9 views

CVE-2026-10532

6.3CVSS0.00086EPSS

OSV•added 4 days ago•5 views

UBUNTU-CVE-2026-10532

Vulnrichment•added 4 days ago•7 views

CVE-2026-10532 Logback deserialization whitelist bypass for Proxy objects

CVE•added 4 days ago•22 views

CVE-2026-10532

The CVE-2026-10532 issue concerns deserialization of untrusted data in QOS.CH Sarl logback-logback-core’s HardenedObjectInputStream module, allowing Object Injection when serialized data is directed at SimpleSocketServer or SimpleSSLSocketServer to instantiate Proxy objects. The vulnerability is ...

Cvelist•added 4 days ago•27 views

CVE-2026-10532 Logback deserialization whitelist bypass for Proxy objects

6.3CVSS0.00086EPSS

CVE•added 5 days ago•12 views

CVE-2026-10201

Assimp up to 6.0.4 contains a vulnerability in FBXExporter::WriteObjects (FBXExporter.cpp) within the UV Channel Handler. A manipulation can trigger a divide-by-zero error when processing FBX data, requiring local access to exploit. Public disclosure of the exploit is noted, and applying a patch ...

4.8CVSS5.3AI score0.00013EPSS

Exploits0References7

Github Security Blog•added last week•14 views

go-git: Malformed Git object data may cause panics or resource exhaustion

Impact Several denial-of-service issues were identified in go-git when parsing maliciously crafted Git repository data. An attacker may craft a malicious .pack, .idx or loose objects that causes an application using an affected version of go-git to panic or consume excessive resources. This can...

5.7AI score

Exploits0References2Affected Software2

OSV•added last week•3 views

GHSA-W5PP-99CH-QJ29 go-git: Malformed Git object data may cause panics or resource exhaustion

6.5CVSS5.7AI score

Exploits0References2

Snyk•added last week•5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the BaseHandler.set trap in lib/bridge.js. An...

9.2CVSS6.2AI score

Exploits0References2

Snyk•added last week•5 views

Incomplete List of Disallowed Inputs

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs through Symbol.for handling in lib/setup-sandbox.js and the bridge write traps in lib/bridge.js...

9.5CVSS5.9AI score

Exploits0References2

Microsoft Secure•added last week•12 views

Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection

As threats become more coordinated and faster to execute, endpoint protection has become the proving ground for modern defense. For the seventh consecutive time, Microsoft has been named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. We believe this reflects both the...

5.8AI score

Exploits0

Cvelist•added last week•30 views

CVE-2026-45620 AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...

5.3CVSS0.00049EPSS

Tenable Nessus•added 2026/05/29 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-45861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gfs2: Fix slab-use-after-free in qdput Commit a475c5dd16e5 gfs2: Free quota data objects synchronously started freeing quota data objects during filesystem...

7.8CVSS5.8AI score0.00013EPSS

EUVD•added 2026/05/28 6:28 p.m.•6 views

EUVD-2026-32987

Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly validate the size of an internal structure, leading to an out-of-bounds read in notification handling code. The bug can be triggered by an unprivileged local user and can result in information disclosure from adjacent...

5.5CVSS5.8AI score0.00014EPSS