CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/06/04 6:7 p.m.•7 views

ROOT-APP-NPM-CVE-2024-45590 CVE-2024-45590 in @rootio/body-parser - Patched by Root

Root has patched CVE-2024-45590 in the @rootio/body-parser package for Root:npm. Multiple fixed versions available...

7.5CVSS7.6AI score0.01535EPSS

Exploits1

EUVD•added 2026/06/04 5:22 p.m.•7 views

EUVD-2026-34307

6.9CVSS5.8AI score0.0004EPSS

Vulnrichment•added 2026/06/04 5:22 p.m.•3 views

CVE-2026-41207 netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures

6.9CVSS5.5AI score0.0004EPSS

IBM Security Bulletins•added 2026/06/04 4:53 p.m.•17 views

Security Bulletin: Vulnerability in jackson-core-2.15.2.jar

Summary Vulnerability in jackson-core-2.15.2.jar Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint default: 1000 characters defined in StreamReadConstraints. This allows an attacker to send JSON with...

5.8AI score

Exploits0Affected Software1

Snyk•added 2026/06/04 4:22 p.m.•4 views

Interpretation Conflict

Overview Affected versions of this package are vulnerable to Interpretation Conflict in the pngpushreadchunk function in the push-mode APNG parser. An attacker can inject chunked data with a malicious PNG file containing attacker-controlled bytes in an ignored ancillary chunk, which are then...

5.4CVSS5.5AI score0.00034EPSS

OSV•added 2026/06/04 4:16 p.m.•5 views

ALPINE-CVE-2026-40930

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

5.4CVSS5.4AI score0.00034EPSS

vulnersOsv•added 2026/06/04 3:23 p.m.•2 views

31g-form-parser (=1.0.107), @0xmike/web-kit (>=0.0.6 <=0.1.1) +452 more potentially affected by CVE-2026-34077 via turbo-stream (>=1.2.1 <=2.4.1)

turbo-stream NPM version =1.2.1, =0.0.6, =4.0.0, =4.15.0, =0.0.3, =1.4.0, =0.0.1, =1.2.0, =1.2.0, =0.1.0, =1.0.10, =0.0.2, =1.0.0, =0.0.2, =0.0.13 and more Source cves: CVE-2026-34077 Source advisory: OSV:GHSA-RXV8-25V2-QMQ8...

7.5CVSS5.4AI score0.00055EPSS

Exploits0

ATTACKERKB•added 2026/06/04 2:34 p.m.•4 views

CVE-2026-40930

Exploits0References3Affected Software2

AlpineLinux•added 2026/06/04 2:34 p.m.•4 views

CVE-2026-40930

CVE•added 2026/06/04 2:34 p.m.•35 views

Exploits0

CVE-2026-40930

CVE-2026-40930 concerns LIBPNG (v1.8.0) where three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC. This allows attacker-controlled bytes inside an ignored ancillary chunk to be reinterpreted as a fresh chunk heade...

EUVD•added 2026/06/04 2:34 p.m.•7 views

Exploits0References3

EUVD-2026-34287

ATTACKERKB•added 2026/06/04 1:34 p.m.•4 views

CVE-2026-8762

After analysis, the originally reported behaviour was determined not to constitute a security vulnerability. The findings were parser-strictness defects without an exploitable framing-disagreement path in any tested deployment configuration...

5.8AI score

NVD•added 2026/06/04 6:16 a.m.•9 views

CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

5.9CVSS0.00015EPSS

Nuclei•added 2026/06/04 3:48 a.m.•73 views

Apache Solr <= 7.1 - XML Entity Injection

Apache Solr with Apache Lucene before 7.1 is susceptible to remote code execution by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external...

9.8CVSS7.7AI score0.93891EPSS

Exploits11References5

SUSE CVE•added 2026/06/04 2:23 a.m.•6 views

SUSE CVE-2026-45676

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference invalid section...

5.5CVSS5.7AI score0.00022EPSS

Exploits1References3

SUSE CVE•added 2026/06/04 2:23 a.m.•6 views

SUSE CVE-2026-45685

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetr...

7.5CVSS5.8AI score0.00309EPSS

Exploits1References3

SUSE CVE•added 2026/06/04 2:23 a.m.•7 views

SUSE CVE-2026-45686

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing...

7.5CVSS5.9AI score0.00066EPSS

Exploits1References3

Positive Technologies•added 2026/06/04 12:0 a.m.•10 views

PT-2026-46315

Name of the Vulnerable Software and Affected Versions netty incubator codec-ohttp versions prior to 0.0.22.Final Description The codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp fails to verify the receipt of a cryptographically-signed final chunk before the outer HTTP body terminates...

8.7CVSS5.5AI score0.00023EPSS

Exploits0References4

Positive Technologies•added 2026/06/04 12:0 a.m.•5 views

PT-2026-47166

CVE-2026-8762 - Atlassian Confluence Server-Side Request Forgery CVE ID :CVE-2026-8762 Published : June 4, 2026, 2:16 p.m. | 57 minutes ago Description :Rejected reason: After analysis, the originally reported behaviour was determined not to constitute a security vulnerability. The findings were...

5.5AI score