CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

242 matches found

SUSE CVE-2026-42536

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with modxml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.5CVSS5.4AI score0.0004EPSS

Exploits0References3

OSV•added yesterday•2 views

UBUNTU-CVE-2026-42536

7.5CVSS5.4AI score0.0004EPSS

Exploits0References5

NVD•added 2 days ago•6 views

CVE-2026-42536

7.5CVSS0.0004EPSS

Exploits0References2

EUVD•added 2 days ago•7 views

EUVD-2026-35100

7.5CVSS5.4AI score0.0004EPSS

Exploits0References1

CVE•added 2 days ago•17 views

CVE-2026-42536

Summary (CVE-2026-42536) : A heap-based buffer overflow in Apache HTTP Server affects 2.4.0–2.4.67 through the mod_xml2enc component (and related parsing of untrusted content via xml2StartParse). The issue is resolved by upgrading to Apache HTTP Server 2.4.68. The payload vector involves processi...

7.5CVSS5.4AI score0.0004EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2 days ago•4 views

CVE-2026-42536

5.4AI score0.0004EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2 days ago•4 views

CVE-2026-42536 Apache HTTP Server: mod_xml2enc heap overflow

5.4AI score0.0004EPSS

Exploits0References1

Positive Technologies•added 2 days ago•7 views

PT-2026-47320

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod xml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

5.4AI score0.0004EPSS

Exploits0References2

RedhatCVE•added 4 days ago•7 views

CVE-2026-50733

Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval, allowing arbitrary JavaScript execution. The flaw affects every render path - the live preview window.eval and presentation mode plus HTML export the bundled WaveDrom.ProcessAll/ev...

8.8CVSS5.6AI score0.00058EPSS

Exploits0References1

RedhatCVE•added 5 days ago•5 views

CVE-2026-44580

Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script content was not escap...

6.1CVSS5.2AI score0.00012EPSS

Exploits0References1

RedhatCVE•added 5 days ago•3 views

CVE-2026-6442

Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent...

8.3CVSS6.1AI score0.00055EPSS

Exploits0References1

Microsoft Secure•added 5 days ago•11 views

Securing CI/CD in an agentic world: Claude Code Github action case

Microsoft Threat Intelligence discovered that Anthropic's Claude Code GitHub Action could expose CI/CD workflow secrets when AI agents process untrusted GitHub content, including issue bodies, pull request descriptions, and comments. We found that while Claude Code Action supported environment...

5.9AI score

Exploits0

EUVD•added last week•6 views

EUVD-2025-210052

SWUpdate before 2026.05 is affected by a time-of-check time-of-use TOCTOU race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update...

7.3CVSS5.8AI score0.00013EPSS

Exploits0References3

ATTACKERKB•added last week•5 views

CVE-2025-41259

7.3CVSS5.8AI score0.00013EPSS

Exploits0References4

Vulnrichment•added last week•6 views

CVE-2025-41259 SWUpdate Untrusted Script Execution via Signed Update TOCTOU

7.3CVSS5.8AI score0.00013EPSS

Exploits0References3

Positive Technologies•added 2026/05/27 12:0 a.m.•7 views

PT-2026-44155

TL;DR This vulnerability affects all Kirby sites that allow the use of the link: … KirbyTag, the link: parameter of the image: … KirbyTag, the built-in image block with a link or the HTML importer for blocks, when content is authored by users who may not be fully trusted. The attack requires an...

8.4CVSS5.9AI score

Exploits0References5

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в firefox

The element could have been manipulated to display content outside of a sandboxed iframe. This could allow untrusted content to be displayed under the guise of trusted content. This vulnerability affects Firefox versions earlier than 121...

6.5CVSS6.8AI score0.0014EPSS

Exploits0References2

OSV•added 2026/05/15 8:42 a.m.•2 views

BIT-JUPYTER-NOTEBOOK-2026-42557 jupyterlab: Command linker attributes in HTML enable one-click command execution from untrusted content

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...

9.6CVSS6.4AI score0.00079EPSS

Exploits0References2

OSV•added 2026/05/15 8:41 a.m.•3 views

BIT-JUPYTER-BASE-NOTEBOOK-2026-42557 jupyterlab: Command linker attributes in HTML enable one-click command execution from untrusted content

9.6CVSS6.3AI score0.00079EPSS

Exploits0References2

Tenable Nessus•added 2026/05/15 12:0 a.m.•15 views

Next.js Framework 13.x < 15.5.16 / 16.x < 16.2.5 XSS

The Next.js Framework on the remote host is affected by a cross-site scripting vulnerability: - Applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script content was not escaped safely before...

6.1CVSS5.6AI score0.00012EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by