CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5640 matches found

CVE-2026-35081 Arbitrary process termination vulnerability in method ugw-logstop

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...

8.1CVSS6AI score

Exploits0References1

CVE•added yesterday•4 views

CVE-2026-35081

CVE-2026-35081 documents an Arbitrary process termination vulnerability in the ugw-logstop method. A remote attacker with user privileges can terminate arbitrary processes due to insufficient input validation. The Connected documents provide the description and CVSS metrics (CVSSv4.0 base 7.2 HIG...

8.1CVSS6AI score

Exploits0References1

RedhatCVE•added 2 days ago•5 views

CVE-2026-9097

Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken function in object/tokenoauth.go validates the JWT signature and parses its claims, but never queries the Token table to verify whether the subject token has been revok...

9.8CVSS5.7AI score0.00054EPSS

Exploits0References1

RedhatCVE•added 2 days ago•5 views

CVE-2026-41017

Apache Airflow's JWTRefreshMiddleware set the JWT auth cookie without the Secure flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy e.g. nginx / Envoy / a managed load balancer that terminates TLS and forwards plaintext to the API server, the default...

5.9CVSS5.9AI score0.00016EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•2 views

CVE-2026-45678

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a valid NUL-terminated portal name. A crafted empty or unterminated payload can make OBI slice beyond th...

7.5CVSS5.9AI score0.00059EPSS

Exploits1References3Affected Software1

EUVD•added 3 days ago•6 views

EUVD-2026-33697

FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert. A remote unauthenticated attacker can send any decodable E2AP PDU with a message type not in the whitelist to crash the iApp...

7.5CVSS5.8AI score0.00081EPSS

Exploits0References3

Rosalinux•added 3 days ago•6 views

Advisory ROSA-SA-2026-3311

Component: avahi 0.8 OS: ROSA-CHROME Unaffected versions: = avahi-0.8-12.git35bb1b.11 Affected versions: avahi-0.8-12.git35bb1b.11 CVE-ID: CVE-2026-34933 BDU-ID: None CVE-Crit: Medium CVE-DESC.: The vulnerability in Avahi allows an unprivileged local user to cause an emergency termination of...

5.5CVSS5.8AI score0.00008EPSS

Exploits1

NVD•added 3 days ago•9 views

CVE-2026-41017

5.9CVSS0.00016EPSS

Exploits0References3

PyPA•added 3 days ago•3 views

PYSEC-0000-CVE-2026-41017

5.9CVSS5.9AI score0.00016EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 3 days ago•7 views

CVE-2026-41017

5.9AI score0.00016EPSS

Exploits0References3Affected Software1

Vulnrichment•added 3 days ago•3 views

CVE-2026-41017 Apache Airflow: JWT cookie missing Secure flag in JWTRefreshMiddleware behind HTTPS-terminating proxy

5.9AI score0.00016EPSS

Exploits0References2

RedHat Linux•added 3 days ago•9 views

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7.3AI score0.02836EPSS

Exploits1References7

RedHat Linux•added 3 days ago•6 views

httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...

5.3CVSS5.8AI score0.00221EPSS

Exploits0References5

CVE•added 3 days ago•8 views

CVE-2026-37223

FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert(), allowing a remote unauthenticated attacker to send decodable E2AP PDUs with a type not in the whitelist to crash the iApp proce...

7.5CVSS5.8AI score0.00081EPSS

Exploits0References2

CNNVD•added 3 days ago•2 views

FlexRIC security vulnerabilities

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability stems from the iApp message distributor using assert for validation of the allowlist, which may allow remote unauthenticated attackers to send...

7.5CVSS5.8AI score0.00081EPSS

Exploits0References2

NVD•added 6 days ago•7 views

CVE-2026-46579

A flaw was found in the OpenShift Router. When a Route has insecureEdgeTerminationPolicy set to Allow, the HTTP frontend does not remove X-SSL-Client- headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted X-SSL-Client- headers. As a resul...

7.4CVSS0.00038EPSS

Exploits0References2

Vulnrichment•added 6 days ago•9 views

CVE-2026-46579 Openshift/router: openshift/router: mtls client certificate spoofing via unstripped x-ssl-client headers on http frontend

7.4CVSS5.7AI score0.00038EPSS

Exploits0References2