CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/04/08 8:30 a.m.•2 views

CVE-2026-39707

CVE-2026-39707 concerns the WordPress plugin “Accept PayPal Payments using Contact Form 7” (versions through 4.0.4). Multiple sources describe a missing authorization / broken access control vulnerability caused by misconfigured access controls that could be exploited to perform actions without p...

5.3CVSS5.9AI score0.0004EPSS

Tenable Nessus•added 2026/04/08 12:0 a.m.•2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006636)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006636 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctltcpl3mdevaccept. While reading sysctltcpl3mdevaccept, it can be...

4.7CVSS5.8AI score0.0005EPSS

NVD•added 2026/04/07 3:17 p.m.•0 views

CVE-2026-30079

In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during UE registration procedure. This allows authentication to be bypassed completely. If a SecurityModeComplete message is sent after InitialUERegistration, a registration reject is received followed by a...

9.8CVSS0.00032EPSS

Exploits1References1

OSV•added 2026/04/07 1:24 p.m.•2 views

JLSEC-2026-60

The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the scs:... Scan SubString verb when combined with...

6.9CVSS5.8AI score0.00056EPSS

Exploits1References3

Tenable Nessus•added 2026/04/04 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-34230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with...

SUSE CVE•added 2026/04/03 11:25 p.m.•2 views

SUSE CVE-2026-34230

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...

5.3CVSS5.7AI score0.00022EPSS

Exploits0References5

RedhatCVE•added 2026/04/03 8:16 p.m.•2 views

CVE-2026-34230

A flaw was found in Rack. An unauthenticated attacker can exploit a vulnerability in the Rack::Utils.selectbestencoding method by sending a specially crafted Accept-Encoding header with numerous wildcard entries. This leads to quadratic time complexity during processing, causing disproportionate...

EUVD•added 2026/04/02 8:32 p.m.•0 views

EUVD-2026-18378

Rack has quadratic complexity in Rack::Utils.selectbestencoding via wildcard Accept-Encoding header...

5.3CVSS5.8AI score0.00022EPSS

Exploits0References2

Github Security Blog•added 2026/04/02 8:32 p.m.•3 views

Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header

Summary Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a response encoding, an unauthenticated attacker can send a single request with a crafted...

7.5CVSS6.6AI score0.00022EPSS

Exploits0References4Affected Software1

OSV•added 2026/04/02 8:32 p.m.•0 views

GHSA-V569-HP3G-36WR Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header

7.5CVSS5.9AI score0.00022EPSS

NVD•added 2026/04/02 5:16 p.m.•1 views

CVE-2026-34230

7.5CVSS0.00022EPSS

OSV•added 2026/04/02 5:16 p.m.•0 views

DEBIAN-CVE-2026-34230

7.5CVSS5.1AI score0.00022EPSS

OSV•added 2026/04/02 5:16 p.m.•2 views

UBUNTU-CVE-2026-34230

CVE•added 2026/04/02 4:41 p.m.•8 views

CVE-2026-34230

Rack: Quadratic-time vulnerability in Rack::Utils.select_best_encoding when Accept-Encoding contains many wildcard entries. An unauthenticated attacker can craft a header to trigger disproportionate CPU usage on Rack::Deflater, causing DoS. Affected versions: < 2.2.23, < 3.1.21,

Exploits0References1Affected Software1

ATTACKERKB•added 2026/04/02 4:41 p.m.•4 views

CVE-2026-34230

5.3CVSS5.7AI score0.00022EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/04/02 4:41 p.m.•13 views

CVE-2026-34230 Rack: Quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header

5.3CVSS0.00022EPSS

Vulnrichment•added 2026/04/02 4:41 p.m.•0 views

CVE-2026-34230 Rack: Quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header

5.3CVSS5.7AI score0.00022EPSS

CNNVD•added 2026/04/02 12:0 a.m.•3 views

Rack 安全漏洞

Rack is a modular Ruby web server interface developed by Rack authors. Vulnerabilities exist in versions of Rack prior to 2.2.23, 3.1.21, and 3.2.6. These vulnerabilities stem from Rack::Utils.selectbestencoding, which has a quadratic time complexity when processing Accept-Encoding headers...

7.5CVSS5.8AI score0.00022EPSS