21894 matches found

RedhatCVE
added 2026/04/23 10:14 p.m. | 9 views

CVE-2026-6732

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that...

CVSS 7.5 | AI score 5.7 | EPSS 0.00632
Exploits: 1 | References: 5

NVD
added 2026/04/23 9:16 p.m. | 7 views

CVE-2026-6376

A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...

CVSS 8.7 | EPSS 0.00497
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/23 7:48 p.m. | 2 views

CVE-2026-41277 Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key id and internal state fields of DocumentStore entities. Because the...

CVSS 7.6 | AI score 5.4 | EPSS 0.00333
Exploits: 1 | References: 1

Patchstack
added 2026/04/23 4:30 p.m. | 7 views

WordPress Booking Calendar Contact Form plugin <= 1.2.63 - Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover vulnerability

Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Booking Calendar Contact Form versions <= 1.2.63...

CVSS 5.3 | AI score 5.8 | EPSS 0.0033
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2026/04/23 3:45 p.m. | 4 views

MINI-42PM-X8WV-JHVM

Bulletin has no description...

CVSS 6.1 | AI score 5.6 | EPSS 0.00263
Exploits: 1

GithubExploit
added 2026/04/23 1:13 p.m. | 120 views

Exploit for CVE-2026-38751

No d...

AI score 5.7 | EPSS 0.00372
Exploits: 3

OSV
added 2026/04/23 6:09 a.m. | 4 views

BELL-CVE-2026-22021

Bulletin has no description...

CVSS 5.3 | AI score 7.4 | EPSS 0.00305
Exploits: 0 | References: 1

Snyk
added 2026/04/23 4:24 a.m. | 4 views

Malicious Package

Overview changelog-cli-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

SUSE CVE
added 2026/04/23 1:24 a.m. | 4 views

SUSE CVE-2026-31530

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of parent_port in cxl_detach_ep(). cxl_detach_ep() is called during bottom-up removal when all CXL memory devices beneath a switch port have been removed. For each port in the hierarchy it locks both the port a...

AI score 5.7 | EPSS 0.00125
Exploits: 0 | References: 3

Tenable Nessus
added 2026/04/23 12:00 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-6732

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes...

CVSS 7.5 | AI score 5.9 | EPSS 0.00632
Exploits: 1 | References: 3

Circl
added 2026/04/22 11:20 p.m. | 8 views

CVE-2026-41170

creationtimestamp | type | source
---|---|---
2026-04-22 23:20:48+00:00 | seen | Telegram/bXcnMEVg4MqmghIUy-Ivhp7SDQD9oC-u5oUbMXpQMRT1SlU...

CVSS 8.5 | AI score 5.8 | EPSS 0.00238
Exploits: 0

NVD
added 2026/04/22 9:17 p.m. | 5 views

CVE-2026-41168

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. This ha...

CVSS 6.9 | EPSS 0.00297
Exploits: 0 | References: 4

OSV
added 2026/04/22 9:17 p.m. | 6 views

DEBIAN-CVE-2026-41168

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. This ha...

CVSS 5.3 | AI score 5.3 | EPSS 0.00297
Exploits: 0 | References: 1

EUVD
added 2026/04/22 8:49 p.m. | 5 views

EUVD-2026-25100

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. This ha...

CVSS 6.9 | AI score 5.6 | EPSS 0.00297
Exploits: 0 | References: 4

CVE
added 2026/04/22 8:49 p.m. | 18 views

CVE-2026-41168

Summary: CVE-2026-41168 affects the Python PDF library pypdf

CVSS 6.9 | AI score 5.6 | EPSS 0.00297
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2026/04/22 8:49 p.m. | 29 views

CVE-2026-41168 pypdf has possible long runtimes for wrong size values in cross-reference and object streams

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. This ha...

CVSS 6.9 | EPSS 0.00297
Exploits: 0 | References: 4

Vulnrichment
added 2026/04/22 8:49 p.m. | 4 views

CVE-2026-41168 pypdf has possible long runtimes for wrong size values in cross-reference and object streams

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. This ha...

CVSS 6.9 | AI score 5.6 | EPSS 0.00297
Exploits: 0 | References: 4

Circl
added 2026/04/22 7:55 p.m. | 9 views

CVE-2026-41326

creationtimestamp | type | source
---|---|---
2026-04-22 19:55:07+00:00 | published-proof-of-concept | https://github.com/kata-containers/kata-containers/security/advisories/GHSA-q49m-57vm-c8cc
2026-05-04 20:10:29+00:00 | seen | https://gist.github.com/alon710/e5f670283b66e1c583d8b3f3f9d1efba
2026-05-1...

CVSS 8.8 | AI score 5.7 | EPSS 0.00293
Exploits: 0 | References: 3

OSV
added 2026/04/22 4:31 p.m. | 5 views

MINI-WM23-4F6G-H5PM

Bulletin has no description...

CVSS 9.8 | AI score 5.6 | EPSS 0.00525
Exploits: 0

OSV
added 2026/04/22 4:31 p.m. | 3 views

MINI-M6QW-86XC-QGP7

Bulletin has no description...

CVSS 7.5 | AI score 5.6 | EPSS 0.00324
Exploits: 1