CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 3 days ago•6 views

EUVD-2026-35090

A path handling issue in moddavfs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

5.4AI score0.00308EPSS

OSV•added 2026/05/12 8:56 a.m.•3 views

BIT-PHP-MIN-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAPPERSISTENCESESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistanc...

OSV•added 2026/05/12 8:50 a.m.•3 views

BIT-LIBPHP-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault

CNNVD•added 2026/05/12 12:0 a.m.•5 views

NanaZip 数字错误漏洞

NanaZip is a compression software open source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 contained a numerical error vulnerability. This vulnerability stemmed from the UFS/UFS2 file system image parser not verifying the value of the fsipg field in the superblock. When this...

5.5CVSS5.8AI score0.00014EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40308

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAP PERSISTENCE SESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the...

Positive Technologies•added 2026/05/12 12:0 a.m.•7 views

Exploits0References3

PT-2026-40298

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAP PERSISTENCE SESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the...

Vulnrichment•added 2026/05/11 8:7 p.m.•7 views

Exploits0References3

CVE-2026-28955

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...

7.1AI score0.00025EPSS

Exploits0References7

SUSE CVE•added 2026/05/11 2:17 p.m.•8 views

SUSE CVE-2026-7261

8.1CVSS5.8AI score0.00096EPSS

Exploits0References8

EUVD•added 2026/05/10 4:7 a.m.•6 views

EUVD-2026-28970

6.3CVSS5.8AI score0.00096EPSS

Debian CVE•added 2026/05/10 4:7 a.m.•8 views

CVE-2026-7261

ATTACKERKB•added 2026/05/10 4:7 a.m.•3 views

Exploits0

CVE-2026-7261

6.3CVSS5.8AI score0.00096EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/10 4:7 a.m.•41 views

CVE-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault

6.3CVSS0.00096EPSS

CNNVD•added 2026/05/04 12:0 a.m.•8 views

Postfix 安全漏洞

Postfix is an open-source mail transfer agent software developed by Postfix. Vulnerabilities existed in versions prior to Postfix 3.8.16, 3.9.10, and 3.10.9. These vulnerabilities stemmed from the lack of text after the third digit in enhanced status codes, which could lead to excessive buffer...

7.5CVSS5.9AI score0.00077EPSS

CNNVD•added 2026/05/04 12:0 a.m.•5 views

Apache HTTP Server 代码问题漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Versions of Apache HTTP Server 2.4.66 and earlier have code vulnerabilities related to null...

5.3CVSS5.9AI score0.00648EPSS

CNNVD•added 2026/04/08 12:0 a.m.•4 views

Axios 安全漏洞

Axios is an open-source HTTP client developed by Axios itself, based on Promise a solution for asynchronous programming. Versions of Axios prior to 1.13.2 contain security vulnerabilities; these vulnerabilities stem from state corruption and could potentially lead to process crashes...

5.9CVSS5.8AI score0.00021EPSS

Exploits1References1

CNNVD•added 2026/04/06 12:0 a.m.•4 views

SandboxJS 安全漏洞

SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.8.36 contained a security vulnerability; this vulnerability stemmed from infinite recursion in the parser, which could lead to process crashes...

7.5CVSS5.8AI score0.00082EPSS

Exploits1References1

CNNVD•added 2026/03/31 12:0 a.m.•4 views

iccDEV 安全漏洞

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.6 contained security vulnerabilities; these vulnerabilities stemmed from stack overflows during the processing of custom ICC configuration files, which coul...

6.2CVSS5.9AI score0.00006EPSS

Exploits1References4

EUVD•added 2026/03/20 6:31 p.m.•0 views

EUVD-2025-208893

A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Media Streaming Add-on 500.1.1 and later...

6.9CVSS6AI score0.00145EPSS

NVD•added 2026/03/20 5:16 p.m.•1 views

CVE-2025-59383

9.1CVSS0.00145EPSS