CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

43 matches found

CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service

Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components major, minor, patch and numeric...

5.1CVSS5.5AI score0.00033EPSS

Exploits0References4

EUVD•added 2 days ago•6 views

EUVD-2026-35439

5.1CVSS5.5AI score0.00033EPSS

Exploits0References4

Cvelist•added 2 days ago•28 views

CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service

5.1CVSS0.00033EPSS

Exploits0References4

Tenable Nessus•added 2 days ago•4 views

EulerOS 2.0 SP11 : golang (EulerOS-SA-2026-2207)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a...

10CVSS7.9AI score0.00045EPSS

Exploits2References8

RedhatCVE•added 6 days ago•5 views

CVE-2026-10796

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

7.5CVSS5.9AI score0.00056EPSS

Exploits1References1

Cvelist•added 2026/06/04 5:2 p.m.•24 views

CVE-2026-10796 nvm executes commands from a malicious Node.js mirror's version strings

7.5CVSS0.00056EPSS

Exploits1References4

Vulnrichment•added 2026/06/04 5:2 p.m.•8 views

CVE-2026-10796 nvm executes commands from a malicious Node.js mirror's version strings

7.5CVSS6.1AI score0.00056EPSS

Exploits1References4

CVE•added 2026/06/04 5:2 p.m.•11 views

CVE-2026-10796

Vulnerability summary (CVE-2026-10796) : nvm (Node Version Manager)

7.5CVSS6.1AI score0.00056EPSS

Exploits1References4Affected Software1

EUVD•added 2026/05/08 2:51 a.m.•8 views

EUVD-2026-28497

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:130. The runLinux function appends attacker-controlled remote version strings directly into an...

9.8CVSS5.8AI score0.00733EPSS

Exploits0References3

ATTACKERKB•added 2026/05/08 2:51 a.m.•3 views

CVE-2026-41501

9.8CVSS5.8AI score0.00733EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/08 2:51 a.m.•6 views

CVE-2026-41501 electerm has Command Injection Vulnerability via runLinux function

9.8CVSS5.8AI score0.00733EPSS

Exploits0References3

OSV•added 2026/04/24 8:45 p.m.•2 views

GHSA-8X35-HPH8-37HQ electerm has Command Injection via runLinux funtion

Impact What kind of vulnerability is it? Who is impacted? Command Injection vulnerabilities in electerm: A command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:130. The runLinux function appends attacker-controlled remote version strings directly into an exec"rm -r...

9.8CVSS6.1AI score0.00733EPSS

Exploits0References5

RedhatCVE•added 2026/04/07 11:1 p.m.•2 views

CVE-2026-35167

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

8.1CVSS5.9AI score0.00022EPSS

Exploits0References1

OSV•added 2026/04/06 6:16 p.m.•5 views

PYSEC-2026-71

8.1CVSS5.8AI score0.00022EPSS

Exploits0References2

Vulnrichment•added 2026/04/06 5:43 p.m.•0 views

CVE-2026-35167 Kedro has a path traversal in versioned dataset loading via unsanitized version string

7.1CVSS5.9AI score0.00022EPSS

Exploits0References2

CVE•added 2026/04/06 5:43 p.m.•10 views

CVE-2026-35167

CVE-2026-35167 affects Kedro. The _get_versioned_path() function constructs filesystem paths by directly interpolating user-supplied version strings, preserving traversal sequences like ../ and enabling access outside the intended versioned dataset directory. This affects multiple entry points (c...

8.1CVSS5.9AI score0.00022EPSS

Exploits0References2Affected Software1

EUVD•added 2026/04/06 5:43 p.m.•5 views

EUVD-2026-19416

7.1CVSS5.9AI score0.00022EPSS

Exploits0References2

Github Security Blog•added 2026/04/03 3:46 a.m.•4 views

Kedro: Path Traversal in versioned dataset loading via unsanitized version string

Impact The getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned...

8.1CVSS5.9AI score0.00022EPSS

Exploits0References5Affected Software1

OSV•added 2026/04/03 3:46 a.m.•2 views

GHSA-6326-W46W-PPJW Kedro: Path Traversal in versioned dataset loading via unsanitized version string

7.1CVSS5.9AI score0.00022EPSS

Exploits0References5

Snyk•added 2026/04/01 6:32 a.m.•3 views

Directory Traversal

Overview kedro is a Kedro helps you build production-ready data and analytics pipelines Affected versions of this package are vulnerable to Directory Traversal due to unsanitized version strings in versioned dataset path construction. The AbstractVersionedDataset.getversionedpath logic used durin...

8.1CVSS6.5AI score0.00022EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by