CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20476 matches found

Positive Technologies•added 2 days ago•6 views

PT-2026-48354

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser avrc pars vendor cmd in components/bt/host/bluedroid/stack/avrc/avrc pars tg.c. This issue has been...

4.6CVSS5.4AI score0.00027EPSS

Exploits0References8

Positive Technologies•added 2 days ago•5 views

PT-2026-48530

Name of the Vulnerable Software and Affected Versions kafka-python versions prior to 2.3.2 Description A denial-of-service issue exists in the protocol parser. A malicious broker or machine-in-the-middle attacker can exhaust memory or hang connections by sending a crafted 4-byte frame length valu...

8.7CVSS5.5AI score0.00042EPSS

Exploits0References6

Positive Technologies•added 2 days ago•5 views

PT-2026-48403

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS5.8AI score0.00098EPSS

Exploits0References4

Positive Technologies•added 2 days ago•3 views

PT-2026-48419

Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can supply a crafted Mach-O binary with an arbitrarily large ncmds load command count value, forcing the parser to allocate...

6.7CVSS5.5AI score0.00013EPSS

Exploits1References3

NVD•added 3 days ago•6 views

CVE-2026-46374

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to...

7.5CVSS0.0004EPSS

Exploits0References1

Vulnrichment•added 3 days ago•4 views

CVE-2026-46374 SQLFluff: Uncontrolled Resource Consumption in Parser

7.5CVSS5.5AI score0.0004EPSS

Exploits0References1

Debian CVE•added 3 days ago•5 views

CVE-2026-46374

7.5CVSS5.5AI score0.0004EPSS

Exploits0

CVE•added 3 days ago•15 views

CVE-2026-46374

SQLFluff (Python SQL linter/formatter) contains a Denial of Service vulnerability (CVE-2026-46374) in versions prior to 4.2.0 when untrusted users can submit long SQL queries for linting, causing resource exhaustion during parsing. The issue is triggered by the parser creating an excessive parse ...

7.5CVSS5.5AI score0.0004EPSS

Exploits0References1

Cvelist•added 3 days ago•35 views

CVE-2026-46374 SQLFluff: Uncontrolled Resource Consumption in Parser

7.5CVSS0.0004EPSS

Exploits0References1

EUVD•added 3 days ago•5 views

EUVD-2026-35855

7.5CVSS5.5AI score0.0004EPSS

Exploits0References1

Cvelist•added 3 days ago•33 views

CVE-2026-46373 SQLFluff: Recursive Stack Overflow in Parser

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any...

7.5CVSS0.0004EPSS

Exploits0References1

CVE•added 3 days ago•13 views

CVE-2026-46373

Affected software: SQLFluff (SQL linter/formatter) with parsers for multiple dialects. Vulnerability: In versions before 4.1.0, an untrusted user can submit deeply nested SQL queries that trigger a Denial of Service through resource exhaustion when parsed. Root cause: recursive/stack-based parsin...

7.5CVSS5.5AI score0.0004EPSS

Exploits0References1

Vulnrichment•added 3 days ago•4 views

CVE-2025-71319 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

8.7CVSS5.8AI score0.00098EPSS

Exploits0References3

NVD•added 3 days ago•6 views

CVE-2026-45771

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested declarations without a depth or count boun...

7.5CVSS0.00044EPSS

Exploits0References2

Cvelist•added 3 days ago•30 views

CVE-2026-49847 FreeSWITCH: Stack overflow in bundled cJSON parser via deeply nested JSON

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested JSON document crashes...

7.5CVSS0.0004EPSS

Exploits0References2

EUVD•added 3 days ago•5 views

EUVD-2026-35470

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser...

7.5CVSS5.4AI score0.00059EPSS

Exploits0References2

Vulnrichment•added 3 days ago•3 views

CVE-2026-49472 FreeSWITCH includes a vulnerable function, PREFIX(prologTok)() from libexpat

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIXprologTok, in...

5.3CVSS5.4AI score0.0004EPSS

Exploits0References2

EUVD•added 3 days ago•6 views

EUVD-2026-35468

7.5CVSS5.4AI score0.00044EPSS

Exploits0References2