CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2 days ago•3 views

mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network...

4.9CVSS7AI score0.00047EPSS

RedHat Linux•added 2 days ago•4 views

mysql: InnoDB unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via...

4.9CVSS7AI score0.00043EPSS

RedHat Linux•added 2 days ago•5 views

mysql: InnoDB unspecified vulnerability (CPU Apr 2026)

4.9CVSS7AI score0.00043EPSS

NVD•added 4 days ago•6 views

CVE-2026-43974

Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is received over...

8.7CVSS0.0004EPSS

Exploits0References3

Positive Technologies•added 4 days ago•5 views

PT-2026-47300

Name of the Vulnerable Software and Affected Versions gun versions 2.0.0 through 2.3.x Description An issue in the gun http module allows a malicious HTTP server to force a client into raw protocol mode by sending an unsolicited 101 Switching Protocols response. In the handle inform/8 function, t...

8.7CVSS5.6AI score0.0004EPSS

RedHat Linux•added 2026/06/04 3:20 p.m.•6 views

mysql: Optimizer unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols t...

4.9CVSS5.7AI score0.00047EPSS

RedHat Linux•added 2026/06/04 3:20 p.m.•4 views

mysql: JSON unspecified vulnerability (CPU Apr 2026)

6.5CVSS5.8AI score0.00046EPSS

RedHat Linux•added 2026/06/04 3:20 p.m.•3 views

mysql: InnoDB unspecified vulnerability (CPU Apr 2026)

4.9CVSS5.8AI score0.00043EPSS

RedhatCVE•added 2026/06/01 1:41 p.m.•9 views

CVE-2026-9759

A flaw was found in the ROHC dissector in Wireshark. This issue occurs when malformed packets are decoded from a pcap file or the network, causing a NULL pointer dereference, resulting in a denial of service. Mitigation If the ROHC protocol dissector is not being used, it can be disabled via the...

5.5CVSS5.7AI score0.0001EPSS

Exploits0References5

SUSE CVE•added 2026/05/30 1:59 a.m.•8 views

SUSE CVE-2026-49129

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...

Tenable Nessus•added 2026/05/29 12:0 a.m.•7 views

Exploits0References3

Linux Distros Unpatched Vulnerability : CVE-2026-49129

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set withou...

6.9CVSS5.6AI score0.00059EPSS

Exploits0References3

NVD•added 2026/05/28 8:16 p.m.•9 views

CVE-2026-49129

6.9CVSS0.00059EPSS

OSV•added 2026/05/28 8:16 p.m.•6 views

DEBIAN-CVE-2026-49129

OSV•added 2026/05/28 8:16 p.m.•5 views

Exploits0References1

UBUNTU-CVE-2026-49129

EUVD•added 2026/05/28 7:10 p.m.•5 views

Exploits0References9

EUVD-2026-33005

ATTACKERKB•added 2026/05/28 7:10 p.m.•6 views

CVE-2026-49129

Debian CVE•added 2026/05/28 7:10 p.m.•7 views

CVE-2026-49129

CVE•added 2026/05/28 7:10 p.m.•11 views

Exploits0

CVE-2026-49129

Music Player Daemon (MPD) <= 0.24.10 contains a server-side request forgery (SSRF) in CurlInputPlugin by setting CURLOPT_FOLLOWLOCATION without CURLOPT_REDIR_PROTOCOLS_STR. This allows unauthenticated attackers to bypass the http/https scheme restriction and redirect to non-HTTP protocols (e.g...

Positive Technologies•added 2026/05/28 12:0 a.m.•8 views

PT-2026-44496

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT FOLLOWLOCATION is set without CURLOPT REDIR PROTOCOLS STR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTT...