CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 3 days ago•10 views

PT-2026-45411

Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...

5.4CVSS6AI score0.00036EPSS

CNNVD•added 3 days ago•5 views

Mozilla Firefox for iOS security vulnerabilities

Mozilla Firefox for iOS is a web browser designed for iOS devices by the Mozilla Foundation in the United States. Versions of Mozilla Firefox for iOS prior to 151.2 contained a security vulnerability. This vulnerability stemmed from Reader View replacing the page content in the HTML template befo...

5.4CVSS5.9AI score0.00036EPSS

Exploits0References2

ATTACKERKB•added 5 days ago•4 views

CVE-2026-10124

A vulnerability was determined in Shibby Tomato up to 1.28. Affected is the function ripzebrareadipv4 of the file /usr/sbin/ripd of the component Zserv Handler. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been...

9CVSS7.7AI score0.00041EPSS

Exploits0References4Affected Software1

Tenable Nessus•added 5 days ago•7 views

RockyLinux 9 : libsndfile (RLSA-2026:19610)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19610 advisory. libsndfile: integer overflow in imareaderinit CVE-2026-37555 Tenable has extracted the preceding description block directly from the RockyLinux security advisory...

7.5CVSS5.9AI score0.00047EPSS

Exploits1References3

NVD•added 6 days ago•5 views

CVE-2026-46385

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is 64-bit on amd64 ...

8.7CVSS0.00042EPSS

Exploits0References1

Vulnrichment•added 6 days ago•5 views

CVE-2026-46385 iskorotkov/avro: CPU Exhaustion in Avro Decoder

8.7CVSS5.8AI score0.00042EPSS

Exploits0References1

Rockylinux•added 6 days ago•8 views

libsndfile security update

An update is available for libsndfile. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libsndfile is a C library for reading and writing files containing sample...

7.5CVSS5.9AI score0.00047EPSS

Exploits1

ATTACKERKB•added 6 days ago•7 views

CVE-2026-6324

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a...

4.8CVSS5.8AI score0.00042EPSS

Exploits0References4

OSV•added last week•2 views

DEBIAN-CVE-2026-49299

In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...

5.3CVSS5.8AI score0.00043EPSS

Exploits0References1

NVD•added last week•5 views

CVE-2026-49299

5.3CVSS0.00043EPSS

Exploits0References4

OSV•added last week•3 views

UBUNTU-CVE-2026-49299

5.3CVSS5.8AI score0.00043EPSS

Exploits0References6

CVE•added last week•13 views

CVE-2026-49299

OpenStack Neutron prior to 28.0.1 is affected: the tagging controller enforces plural policy action names on single-tag write operations while policy rules use singular names, causing the mismatch to evaluate as allowed under the default policy. This permits a project reader to create and update ...

5.3CVSS5.8AI score0.00043EPSS

Exploits0References4

Cvelist•added last week•23 views

CVE-2026-49299

5.3CVSS0.00043EPSS

OSV•added last week•4 views

RLSA-2026:19610 Important: libsndfile security update

libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fixes: libsndfile: integer overflow in imareaderinit CVE-2026-37555 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

8.2CVSS5.9AI score0.00047EPSS

Exploits1References2

SUSE CVE•added 2026/05/28 3:54 a.m.•5 views

SUSE CVE-2026-46022

In the Linux kernel, the following vulnerability has been resolved: misc: ibmasm: fix OOB MMIO read in ibmasmhandlemouseinterrupt ibmasmhandlemouseinterrupt performs an out-of-bounds MMIO read when the queue reader or writer index from hardware exceeds REMOTEQUEUESIZE 60. A compromised service...

5.8AI score0.00032EPSS

Fedora•added 2026/05/28 1:13 a.m.•7 views

[SECURITY] Fedora 44 Update: rust-astral_async_zip-0.0.18~rc4-2.fc44

An asynchronous ZIP archive reading/writing crate...

Fedora•added 2026/05/28 1:13 a.m.•6 views

[SECURITY] Fedora 44 Update: rust-astral-tokio-tar-0.6.2-1.fc44

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...

Fedora•added 2026/05/28 12:48 a.m.•8 views

[SECURITY] Fedora 43 Update: rust-astral_async_http_range_reader-0.11.0-2.fc43

A library for streaming reading of files over HTTP using range requests...

Fedora•added 2026/05/28 12:48 a.m.•6 views

[SECURITY] Fedora 43 Update: rust-astral-tokio-tar-0.6.2-1.fc43