CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/05/28 12:0 a.m.•10 views

PT-2026-44425

Name of the Vulnerable Software and Affected Versions Casdoor versions prior to 2.363.0 Description Casdoor fails to enforce SAML assertion time bounds. The gosaml2 library calculates time-validation results, such as NotOnOrAfter and NotBefore, and reports them in the assertionInfo.WarningInfo...

5.8AI score0.0033EPSS

EUVD•added 2026/05/26 3:4 p.m.•8 views

EUVD-2026-31851

e107 is a content management system CMS. Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how sessionhandler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

6.5CVSS5.8AI score0.00133EPSS

Exploits0References1

Positive Technologies•added 2026/05/26 12:0 a.m.•16 views

PT-2026-43620

Name of the Vulnerable Software and Affected Versions radvd versions prior to 2.21 Description The radvdump utility contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, the print ff function copies up to 2032 bytes of...

7.7CVSS6.1AI score0.00155EPSS

Exploits0References12

Debian CVE•added 2026/05/25 8:19 p.m.•10 views

CVE-2026-43827

Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected versions, when a session already...

6.5CVSS5.8AI score0.00412EPSS

Exploits0

CVE•added 2026/05/22 1:12 p.m.•14 views

CVE-2026-8670

The CVE-2026-8670 entry concerns Avantra (Syslink software AG) on Linux and Windows, with an issue described as “Insufficient session expiration,” allowing reuse of session IDs (session replay). Affected release: Avantra before 25.3.1. The CVSSv3.1 vector indicates a Critical impact (HIGH confide...

9.6CVSS5.8AI score0.00216EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/21 7:34 a.m.•7 views

CVE-2026-44064

An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request...

7.1CVSS5.8AI score0.00171EPSS

Exploits0References2Affected Software1

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: Check ctr-cnr to avoid array index out of bounds. The cmtpaddconnection function adds a CMTS session to a controller and runs a kernel thread to process CMTS operations. modulegetTHISMODULE; session-task =...

7.8CVSS6.1AI score0.00235EPSS

Exploits0References2

EUVD•added 2026/05/19 6:43 p.m.•9 views

EUVD-2026-30973

LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...

8.2CVSS5.8AI score0.00486EPSS

Snyk•added 2026/05/11 2:2 p.m.•11 views

Insufficient Session Expiration

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Insufficient Session Expiration via misconfiguration of the CORSMiddleware module and improper session management. An attacker can gain unauthorized access and execute arbitrary code by enticing an...

8.9CVSS6.2AI score

Exploits0References2

EUVD•added 2026/04/24 12:31 a.m.•3 views

EUVD-2026-25325

OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement o...

OSV•added 2026/04/24 12:31 a.m.•3 views

Exploits0References4

GHSA-PR66-WHQJ-RQ5P Duplicate Advisory: OpenClaw: Discord Component Interaction Misclassifies Group DM as Direct Message

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6336-qqw9-v6x6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group...

NVD•added 2026/04/23 10:16 p.m.•3 views

CVE-2026-41341

5.4CVSS0.00125EPSS

Vulnrichment•added 2026/04/23 9:58 p.m.•3 views

CVE-2026-41341 OpenClaw < 2026.3.31 - Component Interaction Misclassification in Discord Extension

5.4CVSS5.2AI score0.00125EPSS

Cvelist•added 2026/04/23 9:58 p.m.•32 views

CVE-2026-41341 OpenClaw < 2026.3.31 - Component Interaction Misclassification in Discord Extension

5.4CVSS0.00125EPSS

ATTACKERKB•added 2026/04/23 9:58 p.m.•3 views

CVE-2026-41341

Positive Technologies•added 2026/04/23 12:0 a.m.•4 views

Exploits0References4

PT-2026-34772

RedhatCVE•added 2026/04/20 7:23 p.m.•4 views

CVE-2026-6564

A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and could be used. The...

5.3CVSS5.3AI score0.00334EPSS

Exploits0References1

EUVD•added 2026/04/19 12:31 p.m.•3 views

EUVD-2026-23692

5.3CVSS5.3AI score0.00334EPSS