CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21796 matches found

OSV•added 2026/05/18 1:16 p.m.•6 views

MINI-35X3-HXCP-QXRX

Bulletin has no description...

7.5CVSS6.3AI score0.00283EPSS

Exploits0

OSV•added 2026/05/18 1:0 p.m.•3 views

MINI-RM54-59V5-VPQR

Bulletin has no description...

7.5CVSS5.7AI score0.00329EPSS

Exploits1

OSV•added 2026/05/18 12:57 p.m.•8 views

CLEANSTART-2026-CR00119 Security fixes for CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-34986, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-6v2p-p943-phr9, ghsa-78h2-9frx-2jm8, ghsa-c6gw-w398-hv78, ghsa-f6x5-jh6r-wrfv, ghsa-hcg3-p754-cr77, ghsa-j5w8-q4qc-rx2x, ghsa-qxp5-gw88-xv66, ghsa-v778-237x-gjrc, ghsa-vvgc-356p-c3xw applied in versions: 1.15.0-r1, 1.19.0-r0, 1.19.1-r0, 1.19.1-r1

Multiple security vulnerabilities affect the rabbitmq-messaging-topology-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.8AI score0.00588EPSS

Exploits1References36

OSV•added 2026/05/18 12:45 p.m.•2 views

MINI-PP3M-M38G-C4GP

Bulletin has no description...

7.5CVSS5.7AI score0.00329EPSS

Exploits1

RedHat Linux•added 2026/05/18 12:24 p.m.•12 views

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

9.8CVSS8AI score0.00577EPSS

Exploits1References8

RedHat Linux•added 2026/05/18 12:21 p.m.•8 views

c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects

A flaw was found in c3p0, a Java Database Connectivity JDBC Connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or javax.naming.Reference instances. By manipulating the userOverridesAsString...

8.9CVSS7.8AI score0.00304EPSS

Exploits0References9

RedHat Linux•added 2026/05/18 12:12 p.m.•13 views

c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects

8.9CVSS7.8AI score0.00304EPSS

Exploits0References9

OSV•added 2026/05/18 8:16 a.m.•6 views

SUSE-SU-2026:1970-1 Security update for php-composer2

This update for php-composer2 fixes the following issues - CVE-2026-40176: command injection via malicious Perforce repository definition bsc1262254. - CVE-2026-40261: command injection via malicious Perforce source reference/url bsc1262255. Changes for php-composer2: - version update to 2.2.27...

8.8CVSS6.6AI score0.03255EPSS

Exploits4References11

CVE•added 2026/05/18 7:0 a.m.•21 views

CVE-2026-6342

Mattermost plugins vulnerable to a namespace prefix-matching bypass. Affected: Mattermost Plugins versions

4.3CVSS5.8AI score0.00152EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/05/18 12:0 a.m.•13 views

PT-2026-41688

Summary The custom html purify validation rule used to sanitize blog post bodies relies on by-reference mutation ?string &$str, but CodeIgniter 4's validator passes a local copy of the value, so the sanitized text is silently discarded. The Blog controller writes $lanData'content' directly into...

5.4CVSS5.7AI score0.00029EPSS

Exploits0References4

OSV•added 2026/05/17 6:27 p.m.•4 views

MINI-PRPH-2C56-3GWX

Bulletin has no description...

7.5CVSS6.7AI score0.00868EPSS

Exploits0

OSV•added 2026/05/17 6:26 p.m.•7 views

MINI-GMR9-9QJ8-Q7PG

Bulletin has no description...

6.5CVSS6.7AI score0.0045EPSS

Exploits0