CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/29 12:0 a.m.•4 views

brace-expansion 资源管理错误漏洞

Brace-expansion is a JavaScript extension developed by Julian Gruber. Versions of Brace-expansion 5.0.0 to 5.0.6 had a resource management vulnerability. This vulnerability stemmed from the max option being applied too late. When expanding a large range of values, the sequence generation loop...

6.5CVSS5.8AI score0.00041EPSS

OSV•added 2026/05/28 11:16 p.m.•5 views

DEBIAN-CVE-2026-10001

Use after free in PerformanceManager in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00073EPSS

NVD•added 2026/05/28 11:16 p.m.•4 views

CVE-2026-10001

8.3CVSS0.00073EPSS

Debian CVE•added 2026/05/28 10:25 p.m.•8 views

CVE-2026-10001

8.3CVSS5.8AI score0.00073EPSS

Cvelist•added 2026/05/28 10:25 p.m.•26 views

CVE-2026-10001

0.00073EPSS

CVE•added 2026/05/28 10:25 p.m.•14 views

CVE-2026-10001

CVE-2026-10001 affects Google Chrome/Chromium’s PerformanceManager: a use-after-free in PerformanceManager can allow a remote attacker who has already compromised the renderer process to potentially escape the sandbox via a crafted HTML page. Impact is described as high (CVSS 3.1: AV:N/AC:H/PR:N/...

8.3CVSS5.8AI score0.00073EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/28 10:25 p.m.•8 views

CVE-2026-10001

5.8AI score0.00073EPSS

OSV•added 2026/05/28 3:43 p.m.•8 views

RLSA-2026:19351 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root...

7.8CVSS7.3AI score0.00019EPSS

Exploits0References3

Rockylinux•added 2026/05/28 3:43 p.m.•11 views

grafana-pcp security update

An update is available for grafana-pcp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Grafana plugin for Performance Co-Pilot includes datasources for...

7.5CVSS7.3AI score0.00019EPSS

Fedora•added 2026/05/28 1:13 a.m.•10 views

[SECURITY] Fedora 44 Update: uv-0.11.15-1.fc44

An extremely fast Python package and project manager, written in Rust. Highlights: =E2=80=A2 A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twi ne, virtualenv, and more. =E2=80=A2 10-100x faster than pip. =E2=80=A2 Provides comprehensive project management, with a universal lockf...

5.8AI score

Fedora•added 2026/05/28 12:48 a.m.•11 views

[SECURITY] Fedora 43 Update: uv-0.11.15-1.fc43

5.8AI score

CNNVD•added 2026/05/28 12:0 a.m.•6 views

rustfs 安全漏洞

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-beta.2 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the management router did not perform authentication on performance analysis endpoints, which could...

8.8CVSS5.8AI score0.00075EPSS

NVD•added 2026/05/27 2:16 p.m.•6 views

CVE-2026-3676

IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced...

6.5CVSS0.00053EPSS

OSV•added 2026/05/27 2:16 p.m.•2 views

UBUNTU-CVE-2026-45860

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: increase the connection clean up limit to 64 After the optimization to only perform one GC per jiffy, a new problem was introduced. If more than 8 new connections are tracked per jiffy the list won't be...

7.5CVSS5.7AI score0.00068EPSS

Exploits0References3

Vulnrichment•added 2026/05/27 12:48 p.m.•5 views

CVE-2026-3676 There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

6.5CVSS5.8AI score0.00053EPSS

Cvelist•added 2026/05/27 12:48 p.m.•37 views

CVE-2026-3676 There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

6.5CVSS0.00053EPSS

Vulnrichment•added 2026/05/27 12:45 p.m.•7 views

CVE-2026-3623 Vulnerabilities exists in IBM Netezza Performance Server Replication Services

IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker can execute root‑level commands, obtain a root shell, and change the root user’s password. Successf...

7.8CVSS5.9AI score0.00015EPSS

OSV•added 2026/05/27 12:11 a.m.•6 views

GHSA-8XX9-69P8-7JP3 LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body

Summary The renderLimit option — documented in docs/source/tutorials/dos.md as the mechanism that "mitigates this by limiting the time consumed by each render call" — can be fully bypassed by a % for % or % tablerow % tag whose body is empty. The per-iteration time check is reached only when the...

6.5CVSS5.8AI score