CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 4 days ago•9 views

Fedora 44 : pie (2026-e5d5fc359d)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e5d5fc359d advisory. Version 1.4.5 This release contains vulnerability fixes for the following security advisories: - GHSA-h842-vjwg-pxxx - Sudo-elevated arbitrary file deletion...

6.4AI score

OSV•added 5 days ago•4 views

SUSE-SU-2026:21989-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues: Update to version 20260430.00 Update THIRDPARTYLICENSES to be package specific location. 608 Update dependencies and go version to 1.26.2 607 bsc1265762, CVE-2026-33814 Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 604...

9.1CVSS5.5AI score0.00591EPSS

Exploits1References18

EUVD•added 5 days ago•10 views

EUVD-2026-34055

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

4.3CVSS5.7AI score0.00012EPSS

Exploits0References5

Cvelist•added 6 days ago•39 views

CVE-2026-9732 EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update

4.3CVSS0.00012EPSS

Exploits0References4

OSSF Malicious Packages•added 2026/05/22 1:29 p.m.•7 views

Malicious code in ml2000 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 871b57a598bf1230a64fa6ee85d442eb30f21915176835801871dc46c59cedf6 On invoking the ml2000 CLI with no arguments, interactivemenu in src/mllabs/generator.py writes a batch file and launches it via...

5.8AI score

OSSF Malicious Packages•added 2026/05/21 8:5 p.m.•5 views

Malicious code in @ornexus/neocortex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb66a92e1a8c414ee0c8877998a9587b7c8a4be3b9b27b76d874329a87bec5dc On npm install -g @ornexus/neocortex, postinstall.js spawns install.sh or install.ps1 which, by default, runs an installcoderabbit step that fetches...

6.3AI score

OSV•added 2026/05/21 8:5 p.m.•5 views

MAL-2026-4416 Malicious code in @ornexus/neocortex (npm)

6.3AI score

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/msm: fixed NULL dereferencing when uninstalling an interrupt. In cases of early initialization errors, and on platforms that do not use the DPU controller, the deinitialization code can be called with the kms pointer set to...

5.3AI score0.00029EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: hns3: Fix kernel crash when uninstalling the driver When the driver is uninstalled and the VFs are disabled concurrently, a kernel crash occurs. The reason is that both actions call the function pcidisablesriov. The value of...

5.5CVSS6.2AI score0.00022EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: xdp, net: Fixed a use-after-free in bpfxdplinkrelease The issue occurs between devgetbyindex and devxdpattachlink. At this point, devxdpuninstall is called. As a result, the xdp link will not be automatically detached when the...

5.5CVSS6.1AI score0.00094EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: hns3 – fixed a use-after-free bug in hclgevfsendmbxmsg. Currently, the hns3remove function first uninstalls the client instance, and then uninstalls the deletion engine device. The netdevice is freed during the client instan...

7.8CVSS6.2AI score0.00016EPSS

NVD•added 2026/05/18 9:16 a.m.•10 views

CVE-2026-3117

6.5CVSS0.00035EPSS

ATTACKERKB•added 2026/05/18 8:9 a.m.•5 views

CVE-2026-3117

CVE•added 2026/05/18 8:9 a.m.•9 views

CVE-2026-3117

Mattermost plugins contain a permission-check flaw in the GitLab plugin command processing. Versions affected: Mattermost Plugins

Exploits0References1Affected Software1

EUVD•added 2026/05/18 8:9 a.m.•7 views

EUVD-2026-30748

Cvelist•added 2026/05/18 8:9 a.m.•38 views

CVE-2026-3117 Instance and webhook GitLab plugin commands were able to be run by non-admin users

6.5CVSS0.00035EPSS

Vulnrichment•added 2026/05/18 8:9 a.m.•5 views

CVE-2026-3117 Instance and webhook GitLab plugin commands were able to be run by non-admin users

CNNVD•added 2026/05/18 12:0 a.m.•4 views

Mattermost Plugins 安全漏洞

Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions 11.5, 11.1.5, 10.13.11, and 11.3.4.0 of Mattermost Plugins contain security vulnerabilities. These...

Positive Technologies•added 2026/05/18 12:0 a.m.•9 views

PT-2026-41650