CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/10 6:17 p.m.•10 views

CVE-2026-50564

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs fo...

9.9CVSS0.00274EPSS

NVD•added 2026/06/10 12:16 p.m.•13 views

CVE-2026-24067

Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and...

8.4CVSS0.00093EPSS

OSV•added 2026/06/09 9:59 p.m.•5 views

GHSA-MRHX-6PW9-Q5FH PhoenixStorybook has cross-session PubSub topic injection via URL parameter

Summary The storybook iframe LiveView accepts a PubSub topic from the URL query string and broadcasts its own pid onto that topic with no check that the topic belongs to the current session. Any unauthenticated visitor who knows or guesses another user's playground topic can hijack the...

2.3CVSS5.5AI score0.00409EPSS

Exploits0References6

RedhatCVE•added 2026/06/05 7:49 p.m.•7 views

CVE-2026-5080

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...

5.9CVSS5.4AI score0.00374EPSS

RedhatCVE•added 2026/06/05 7:49 p.m.•5 views

CVE-2026-5085

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

9.1CVSS5.5AI score0.00339EPSS

SUSE CVE•added 2026/06/04 2:21 a.m.•6 views

SUSE CVE-2026-46259

In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading realparent in dotaskstat When reading /proc/pid/stat, dotaskstat accesses task-realparent without proper RCU protection, which leads to: cpu 0 cpu 1 ----- ----- dotaskstat var =...

5.8AI score0.0012EPSS

OSV•added 2026/06/01 3:12 p.m.•5 views

USN-8360-1 sslh vulnerability

It was discovered that sslh did not properly handle symbolic links when writing its PID file. A local attacker could possibly use this issue to overwrite arbitrary files...

9.3CVSS5.9AI score0.00158EPSS

Microsoft CVE•added 2026/05/28 8:4 a.m.•7 views

openvswitch: cap upcall PID array size and pre-size vport replies

...

7CVSS5.4AI score0.0018EPSS

Exploits0

SUSE CVE•added 2026/05/27 12:57 p.m.•9 views

SUSE CVE-2026-45840

In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...

6.5CVSS5.9AI score0.0018EPSS

OSSF Malicious Packages•added 2026/05/22 7:52 p.m.•7 views

Malicious code in pg-expense-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1d939ad3f0e8e9754bf3562f06692713a76d5c0f18ac13c956f9cb199ed0fbf On require/load, index.js unconditionally collects host identifiers hostname, username, platform, arch, cwd, pid and sends them as URL query paramete...

5.9AI score

OSSF Malicious Packages•added 2026/05/22 7:36 p.m.•10 views

Malicious code in orca-website (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c52f7fe46d56cb45880942f5266494a2654d9d330914a6c3c99f02045eacd1dc On require/import, index.js collects host identifiers os.hostname, os.userInfo.username, os.platform, os.arch, process.cwd, process.pid, timestamp an...

5.8AI score

Positive Technologies•added 2026/05/11 12:0 a.m.•12 views

PT-2026-39736

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a reflected Cross-Site Scripting XSS vulnerability exists in lista arquivos etapa.php due to improper handling of user-supplied input. The id processo parameter is directly embedded into the HTML without sanitization,...

6.1CVSS6AI score0.00178EPSS

EUVD•added 2026/05/06 3:32 p.m.•7 views

EUVD-2026-27823

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId added in version 1.54 uses the value of the UNIQUEID environment variable for the session id. The UNIQUEID variable is set by the Apache moduniqueid...

9.1CVSS5.8AI score0.00321EPSS

NVD•added 2026/05/06 1:16 p.m.•12 views

CVE-2026-5081

9.1CVSS0.00321EPSS

Cvelist•added 2026/05/06 12:16 p.m.•29 views

CVE-2026-5081 Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure

0.00321EPSS