CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

137419 matches found

RedHat Linux•added 4 hours ago•5 views

Important: Red Hat Security Advisory: Red Hat Openshift Mirror Registry v2.0.11

Red Hat Openshift Mirror Registry v2.0.11 Openshift Mirror Registry v2.0.11...

10CVSS6.8AI score0.00789EPSS

Exploits3References12

Chainguard•added 7 hours ago•7 views

GHSA-M25M-5778-FM22 vulnerabilities

Vulnerabilities for packages: grafana-fips...

5.8AI score

Exploits0

RedHat Linux•added 7 hours ago•5 views

Important: Red Hat Security Advisory: postgresql:13 security update

An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

6.5CVSS5.9AI score0.00238EPSS

Exploits0References2

OSV•added 8 hours ago•3 views

ROOT-APP-NPM-CVE-2026-42035 CVE-2026-42035 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42035 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

7.4CVSS5.8AI score0.00351EPSS

Exploits1

RedHat Linux•added 11 hours ago•11 views

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.8CVSS6.6AI score0.0059EPSS

Exploits0References17

OSV•added 11 hours ago•5 views

ROOT-APP-PYPI-CVE-2023-45803 CVE-2023-45803 in rootio-urllib3 - Patched by Root

Root has patched CVE-2023-45803 in the rootio-urllib3 package for Root:PyPI. Multiple fixed versions available...

4.2CVSS7.5AI score0.00544EPSS

Exploits0

RedHat Linux•added 12 hours ago•10 views

Important: Red Hat Security Advisory: redis:7 security update

An update for the redis:7 module is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.8CVSS6.6AI score0.0095EPSS

Exploits0References2

Chainguard•added 13 hours ago•7 views

GHSA-CMWH-PVXP-8882 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards, opensearch-dashboards-fips...

5.8AI score

Exploits0

Chainguard•added 13 hours ago•5 views

GHSA-VM85-HXW5-5432 vulnerabilities

Vulnerabilities for packages: nextcloud-server, drupal, privatebin...

5.8AI score

Exploits0

Chainguard•added 13 hours ago•4 views

GHSA-HCXC-WF8J-23HV vulnerabilities

Vulnerabilities for packages: grafana-fips...

5.8AI score

Exploits0

Chainguard•added 13 hours ago•4 views

GHSA-CRVV-6W6H-CV34 vulnerabilities

Vulnerabilities for packages: grafana-fips...

5.8AI score

Exploits0

OSV•added 13 hours ago•5 views

ROOT-APP-NPM-GHSA-Q4GF-8MX6-V5V3 GHSA-q4gf-8mx6-v5v3 in @rootio/next - Patched by Root

Root has patched GHSA-q4gf-8mx6-v5v3 in the @rootio/next package for Root:npm. Multiple fixed versions available...

5.8AI score

Exploits0

RedHat Linux•added 14 hours ago•4 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

8.2CVSS7AI score0.00573EPSS

Exploits0References5

Nuclei•added 16 hours ago•17 views

AnythingLLM - Username Enumeration via Password Recovery

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...

5.3CVSS5.8AI score0.00713EPSS

Exploits1

Nuclei•added 16 hours ago•14 views

TinaCMS - Path Traversal

TinaCMS CLI 2.1.8 contains a file system read vulnerability caused by disabled Vite server.fs.strict setting, letting unauthenticated attackers read arbitrary files on the host system, exploit requires access to the dev server. id: CVE-2026-29066 info: name: TinaCMS - Path Traversal author:...

6.2CVSS6AI score0.01025EPSS

Exploits1References2

Nuclei•added 16 hours ago•10 views

SiYuan <= v3.6.1 - Bookmark Data Disclosure

SiYuan v3.6.2 contains an information disclosure vulnerability caused by improper authorization checks in the publish service's bookmark filtering, letting unauthenticated visitors access bookmarked blocks from password-protected documents, exploit requires access to the publish service. id:...

7.5CVSS5.8AI score0.01227EPSS

Exploits1References2

Nuclei•added 16 hours ago•12 views

Vite Dev Server - Information Exposure

Vite dev server could allow reading files from the Vite project root by bypassing server.fs.deny with double forward-slash paths //. This affects exposed dev servers only. id: CVE-2023-34092 info: name: Vite Dev Server - Information Exposure author: ritikchaddha severity: high description: | Vite...

7.5CVSS7.1AI score0.03152EPSS

Exploits1References2

Nuclei•added 16 hours ago•12 views

XWiki Platform - Path Traversal

XWiki Platform 4.2-milestone-2 through 16.10.6 contains a path traversal caused by improper access control in jsx and sx endpoints, letting remote attackers read configuration files, exploit requires no special privileges. id: CVE-2025-55748 info: name: XWiki Platform - Path Traversal author:...

9.3CVSS5.9AI score0.01652EPSS

Exploits0References3

Nuclei•added 16 hours ago•5 views

Vite dev server - Cross-Site Scripting

Vite's dev server, when used with appType: 'custom' and manually invoking server.transformIndexHtml using the unmodified request URL, is vulnerable to XSS via a crafted URL payload. If the HTML being served includes an inline module script ..., an attacker can inject a script via the URL,...

6.1CVSS6.7AI score0.00997EPSS

Exploits1References2

Nuclei•added 16 hours ago•11 views

Dify User Enumeration via Observable Response Discrepancy

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue. id: CVE-2026-28288 info: name: Dify User Enumeratio...

6.9CVSS5.8AI score0.00635EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by