Lucene search

28667 matches found

OSV
added 2026/03/12 8:57 p.m. | 3 views

GO-2026-4687 OliveTin's email argument makes compliance harder, enables log injection in github.com/OliveTin/OliveTin

OliveTin's email argument makes compliance harder, enables log injection in github.com/OliveTin/OliveTin. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

AI score 5.8
Exploits: 0 | References: 3

OSV
added 2026/03/12 8:54 p.m. | 2 views

OPENSUSE-SU-2026:20361-1 Security update for osc, obs-scm-bridge

This update for osc, obs-scm-bridge fixes the following issues: Changes in osc: - 1.24.0 - Command-line: - Add '--target-owner' option to 'git-obs repo fork' command - Add '--self' parameter to fix 'no matching parent repo' error message in 'git-obs pr create' - Fix 'osc aggregatepac' for scmsync...

CVSS 7.3 | AI score 6 | EPSS 0.00205
Exploits: 0 | References: 3

Huntr
added 2026/03/12 3:45 p.m. | 3 views

Uncontrolled Search Path in HunposTagger Allows Untrusted Local Binary Selection in nltk/nltk

This report is not public...

AI score 5.3
Exploits: 0

OSSF Malicious Packages
added 2026/03/12 2:5 p.m. | 3 views

Malicious code in @adamallana0909/apple-research-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d8bddd202efdf484dda4f9ff697fb7eab0e1227f76c736d92e6af21a85b89fe The package @adamallana0909/apple-research-test was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.8
Exploits: 0

OSV
added 2026/03/12 9:15 a.m. | 1 view

UBUNTU-CVE-2026-4015

A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtinprocesstexml of the file src/filters/loadtext.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit...

CVSS 5.3 | AI score 6.1 | EPSS 0.00127
Exploits: 0 | References: 10

Cvelist
added 2026/03/12 6:2 a.m. | 27 views

CVE-2026-3994 rui314 mold Object File input-files.cc initialize_sections heap-based overflow

A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X8664::initializesections of the file src/input-files.cc of the component Object File Handler. Performing a manipulation results in heap-based buffer overflow. Attacking locally is a...

CVSS 5.3 | EPSS 0.00127
Exploits: 0 | References: 6

Snyk
added 2026/03/12 12:36 a.m. | 3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the Management API when an authenticated user with a valid low-privilege token specifies a different tenant's projectid, grantid, or appid. An attacker can access sensitive...

CVSS 7.7 | AI score 5.9 | EPSS 0.00393
Exploits: 0 | References: 2

Snyk
added 2026/03/12 12:36 a.m. | 5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the Management API when an authenticated user with a valid low-privilege token specifies a different tenant's projectid, grantid, or appid. An attacker can access sensitive...

CVSS 7.7 | AI score 5.9 | EPSS 0.00393
Exploits: 0 | References: 2

Fedora
added 2026/03/12 12:16 a.m. | 6 views

[SECURITY] Fedora 44 Update: python-lxml-html-clean-0.4.4-1.fc44

HTML cleaner from lxml project...

CVSS 6.1 | AI score 5.8 | EPSS 0.00254
Exploits: 2

CNNVD
added 2026/03/12 12:0 a.m. | 4 views

GPAC Buffer Error Vulnerability

GPAC is an open-source multimedia framework developed by GPAC. The GPAC 26.03-DEV version contains a buffer error vulnerability, which stems from an out-of-bounds write operation in the function svinprocess of the SVG Parser component’s src/filters/loadsvg.c file...

CVSS 5.3 | AI score 6.2 | EPSS 0.00115
Exploits: 0 | References: 7

CVE
added 2026/03/12 12:0 a.m. | 8 views

CVE-2025-61154

CVE-2025-61154 : A heap buffer overflow in LibreDWG affects versions 0.13.3.7571 through 0.13.3.7835. The overflow occurs in the decompression path while processing DWG files in the function decompress_R2004_section (decode.c), leading to Denial of Service (DoS). The available documents consisten...

CVSS 6.5 | AI score 6 | EPSS 0.00218
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2026/03/11 10:16 p.m. | 1 view

CVE-2026-32131

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token e.g., project.read, project.grant.read, or project.app.read to retrieve...

CVSS 7.7 | EPSS 0.00393
Exploits: 0 | References: 3

EUVD
added 2026/03/11 9:38 p.m. | 2 views

EUVD-2026-11410

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token e.g., project.read, project.grant.read, or project.app.read to retrieve...

CVSS 7.7 | AI score 5.7 | EPSS 0.00393
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/11 9:38 p.m. | 2 views

CVE-2026-32131

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token e.g., project.read, project.grant.read, or project.app.read to retrieve...

CVSS 7.7 | AI score 5.7 | EPSS 0.00393
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/03/11 9:38 p.m. | 2 views

CVE-2026-32131 ZITADEL Cross-Tenant Information Disclosure in Management API

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token e.g., project.read, project.grant.read, or project.app.read to retrieve...

CVSS 7.7 | AI score 5.7 | EPSS 0.00393
Exploits: 0 | References: 3

OSV
added 2026/03/11 9:38 p.m. | 3 views

CVE-2026-32131 ZITADEL Cross-Tenant Information Disclosure in Management API

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token e.g., project.read, project.grant.read, or project.app.read to retrieve...

CVSS 7.7 | AI score 5.7 | EPSS 0.00393
Exploits: 0 | References: 5

EUVD
added 2026/03/11 9:31 p.m. | 4 views

EUVD-2026-11403

A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoint. Such manipulation leads to code injection. The attack may be launched remotely. The exploit h...

CVSS 6.5 | AI score 5.5 | EPSS 0.00228
Exploits: 0 | References: 6

NVD
added 2026/03/11 9:16 p.m. | 2 views

CVE-2026-3956

A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This affects the function getAdmins of the file source-code/src/main/java/com/moke/wp/wxweimai/controller/admin/AdminAdminUserController.java. Performing a manipulation of the argument keywor...

CVSS 5.8 | EPSS 0.00202
Exploits: 0 | References: 5

OSV
added 2026/03/11 8:16 p.m. | 3 views

CVE-2026-3951

A security flaw has been discovered in LockerProject Locker 0.0.0/0.0.1/0.1.0. Affected is the function authIsAwesome of the file source-code/Locker-master/Ops/registry.js of the component Error Response Handler. The manipulation of the argument ID results in cross site scripting. The attack can ...

CVSS 4.3 | AI score 4.1 | EPSS 0.00296
Exploits: 0 | References: 6

NVD
added 2026/03/11 8:16 p.m. | 4 views

CVE-2026-3951

A security flaw has been discovered in LockerProject Locker 0.0.0/0.0.1/0.1.0. Affected is the function authIsAwesome of the file source-code/Locker-master/Ops/registry.js of the component Error Response Handler. The manipulation of the argument ID results in cross site scripting. The attack can ...

CVSS 5.3 | EPSS 0.00296
Exploits: 0 | References: 6