CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 4 days ago•4 views

CVE-2026-10892

An out of bounds write flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513165325...

9.6CVSS5.4AI score0.00109EPSS

RedhatCVE•added 4 days ago•7 views

CVE-2026-10883

An out of bounds write flaw was found in the ANGLE component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=503768143...

8.8CVSS5.4AI score0.00086EPSS

RedhatCVE•added 4 days ago•6 views

CVE-2026-10881

An out of bounds read and write flaw was found in the ANGLE component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498904293...

9.6CVSS5.7AI score0.00086EPSS

RedhatCVE•added 4 days ago•9 views

CVE-2026-11420

Two path traversal vulnerabilities in the Network Installation Service NIS of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No authentication, session...

RedhatCVE•added 4 days ago•8 views

CVE-2026-11419

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded,...

9.4CVSS6AI score0.00422EPSS

RedhatCVE•added 4 days ago•10 views

CVE-2026-44660

A flaw was found in UltraJSON, a fast JSON encoder and decoder. When the ujson.dump function attempts to write data to a file-like object and an error occurs during this operation, the memory allocated for the serialized JSON string is not properly released. This continuous failure to deallocate...

8.7CVSS5AI score0.00052EPSS

Exploits1References6

RedhatCVE•added 5 days ago•7 views

CVE-2026-11369

The Comment API GET /api/Comment and POST /api/Comment in the affected application fails to perform authorization checks to verify that the requesting user has access to the object identified by the relatedObjectId. This Insecure Direct Object Reference IDOR vulnerability allows any authenticated...

7.1CVSS5.6AI score0.00038EPSS

RedhatCVE•added 5 days ago•10 views

CVE-2026-50593

Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range...

7.3CVSS5.5AI score0.00012EPSS

SUSE CVE•added 5 days ago•5 views

SUSE CVE-2026-50264

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

7.8CVSS5.4AI score0.00012EPSS

Exploits0References3

Tenable Nessus•added 5 days ago•7 views

EulerOS Virtualization 2.10.0 : libpcap (EulerOS-SA-2026-2051)

According to the versions of the libpcap package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : pcapetheraton is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string...

1.9CVSS5.4AI score0.00017EPSS

Exploits0References2

Snyk•added 6 days ago•4 views

Denial of Service (DoS)

Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to Denial of Service DoS through the ingestion process. An attacker can cause the application to become temporarily unavailable to other users by submitting an event containing an unusually large...

5.3CVSS5.6AI score

Exploits0References2

CVE•added 6 days ago•14 views

CVE-2026-11416

Summary: MoviePilot is affected by a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers. The local destination path is built by concatenating the configured download directory with a filename taken directly from remote cloud API metadata, without basename...

8.1CVSS5.6AI score0.00056EPSS

Exploits0References3

OSV•added 6 days ago•7 views

GHSA-C3QP-2GGW-XJG7 Shopper: Authorization bypass and RBAC privilege escalation in team settings

Impact Two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system: - Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public actions to create new roles and delete other users,...

9.9CVSS5.6AI score0.00036EPSS

Exploits0References4

Cvelist•added 6 days ago•28 views

CVE-2026-11420 Path Traversal in Altium Enterprise Server NIS Allows Unauthenticated Arbitrary File Write and File Read

10CVSS0.00676EPSS

ATTACKERKB•added 6 days ago•4 views

CVE-2026-11420

Vulnrichment•added 6 days ago•8 views

Exploits0References2

CVE-2026-11420 Path Traversal in Altium Enterprise Server NIS Allows Unauthenticated Arbitrary File Write and File Read

CVE•added 6 days ago•26 views

CVE-2026-11420

Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. The issue can potentiall...

Vulnrichment•added 6 days ago•6 views

CVE-2026-11419 Path Traversal in Altium Enterprise Server Vault UploadController Allows Arbitrary File Write

9.4CVSS6AI score0.00422EPSS

Cvelist•added 6 days ago•29 views

CVE-2026-11419 Path Traversal in Altium Enterprise Server Vault UploadController Allows Arbitrary File Write

9.4CVSS0.00422EPSS