CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2 days ago•4 views

CVE-2026-48520

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" or "Public Flows" in code contains a potential arbitrary file-read vulnerability, depending on the exact flow configuration used. By making a flow public, public execution of...

6.1CVSS0.00218EPSS

NVD•added 2 days ago•3 views

CVE-2026-11940

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS0.00599EPSS

Exploits0References7

EUVD•added 2 days ago•4 views

EUVD-2026-38490

7.8CVSS6.6AI score0.00728EPSS

Exploits2References7

OSSF Malicious Packages•added 2 days ago•5 views

Malicious code in react-simple-utils-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 038aa6bccd8008fec1f309d718e53dd4b89e4ca15a976c6a80652e0dd58a5b58 Package advertises itself as 'a simple date formatting utility for React projects' 3-function index.js, but ships a postinstall.js that runs on every...

5.9AI score

Exploits0References17

OSV•added 2 days ago•2 views

MAL-2026-6303 Malicious code in react-simple-utils-kit (npm)

5.9AI score

Exploits0References17

RedHat Linux•added 2 days ago•5 views

urllib3: urllib3: Denial of Service due to excessive HTTP response decompression

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...

RedHat Linux•added 2 days ago•4 views

urllib3: urllib3: Denial of Service due to excessive HTTP response decompression

Cvelist•added 3 days ago•22 views

CVE-2026-48109 MessagePack-CSharp: LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes Lz4Block and Lz4BlockArray. The decoder implementation is based on a deprecated fast-decompression algorithm that do...

8.2CVSS0.00296EPSS

RedHat Linux•added 3 days ago•4 views

urllib3: urllib3: Denial of Service due to excessive HTTP response decompression

RedHat Linux•added 3 days ago•4 views

urllib3: urllib3: Denial of Service due to excessive HTTP response decompression

RedHat Linux•added 3 days ago•5 views

kernel: libceph: prevent potential out-of-bounds reads in handle_auth_done()

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handleauthdone Perform an explicit bounds check on payloadlen to avoid a possible out-of-bounds access in the callout. idryomov: changelog...

9.8CVSS5.7AI score0.00351EPSS

AstraLinux•added 6 days ago•4 views

Astra Linux – Vulnerability in libwebp

A flaw was discovered in libwebp in versions prior to 1.0.1. When reading a file, libwebp allocates an excessive amount of memory. The greatest threat posed by this vulnerability is related to service availability...

7.5CVSS6.8AI score0.01966EPSS

Exploits0References2

AstraLinux•added 6 days ago•5 views

Astra Linux – Vulnerability in libxml2

In libxml2 versions before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings due to an incorrect return value. This issue occurs in the xmlPythonFileRead and xmlPythonFileReadRaw functions, caused by a discrepancy between bytes and characters...

7.5CVSS6.7AI score0.00311EPSS

Exploits1References2

AstraLinux•added 6 days ago•6 views

Astra Linux – Vulnerability in libstb

stbimage is a single-file library licensed under MIT that is used for processing images. The stbigetn function reads a specified number of bytes from the context usually a file into the specified buffer. If the file stream points to the end of the file, it returns zero. There are two places where...

5.5CVSS5.6AI score0.00657EPSS

AstraLinux•added 6 days ago•5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Ice: The operation copy last block was omitted in icegetmoduleeeprom. icegetmoduleeeprom is broken since the commit e9c9692c8a81 “Ice: Reimplement module reads used by ethtool”. In this refactoring, icegetmoduleeeprom reads the...

7.8CVSS6.3AI score0.00172EPSS

Exploits0References2

AstraLinux•added 6 days ago•4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: - net: tls: Fixed a use-after-free issue related to partial reads and async decryption. tlsdecryptsg does not take a reference to the pages from clearskb. Therefore, the putpage function in tlsdecryptdone releases these pages,...

7.8CVSS6.1AI score0.00256EPSS

Exploits0References2

AstraLinux•added 6 days ago•3 views

Astra Linux – Vulnerability in nss

A flaw was discovered in the implementation of CHACHA20-POLY1305 in NSS versions prior to 3.55. When using multi-part Chacha20, it could lead to out-of-bounds reads. This issue was addressed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and enforcing strict tag...

9.1CVSS7.3AI score0.01541EPSS