27 matches found

Packet Storm News
added 2026/05/21 12:0 a.m. | 5 views

TriSweep: A Four-Drone Swarm Framework for Electromagnetic Side-Channel Analysis

Electromagnetic (EM) side-channel analysis traditionally assumes a stationary, close-proximity probe - a threat model that underestimates aerial adversaries. TriSweep is a simulation framework that designs and evaluates a four-drone swarm architecture for autonomous standoff EM-SCA of embedded...

AI score: 5.8
Exploits: 0

AstraLinux
added 2026/05/03 11:59 p.m. | 9 views

Astra Linux - vulnerability in sqlite3

SQLite 3.32.2 has a use-after-free issue in the resetAccumulator function in select.c, as the re-write of the parse tree for window functions occurs too late...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.02437
Exploits: 1 | References: 2

Cvelist
added 2026/04/13 1:21 p.m. | 27 views

CVE-2026-31415 ipv6: avoid overflows in ip6_datagram_send_ctl()

In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid overflows in ip6_datagram_send_ctl() Yiming Qian reported: I believe I found a locally triggerable kernel bug in the IPv6 sendmsg ancillary-data path that can panic the kernel via skb_under_panic (local DoS). The core issue i...

EPSS: 0.00019
Exploits: 0 | References: 8

Packet Storm
added 2026/03/26 12:0 a.m. | 109 views

V8 StringToBigInt Memory Corruption Sandbox Bypass

V8 suffers from a sandbox bypass vulnerability due to memory corruption during StringToBigInt conversion. The function v8::internal::StringToBigInt is used by V8 when converting a string to a BigInt, e.g. via BigInt("1337"). It first parses the string into individual digit_t's in the...

AI score: 5.8
Exploits: 0

Redos
added 2025/10/31 12:0 a.m. | 2 views

ROS-20251031-01

Vulnerability of MongoDB database management system is related to incorrect processing of certain accumulator functions when additional parameters are specified in the $group operation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.0014
Exploits: 0

RedhatCVE
added 2025/09/07 9:24 p.m. | 1 views

CVE-2025-10061

An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This vulnerability could lead to deni...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.0014
Exploits: 0 | References: 1

NVD
added 2025/09/05 9:15 p.m. | 2 views

CVE-2025-10061

An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This vulnerability could lead to deni...

CVSS: 6.5 | EPSS: 0.0014
Exploits: 0 | References: 1

OSV
added 2025/09/05 9:15 p.m. | 1 views

CVE-2025-10061

An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This vulnerability could lead to deni...

CVSS: 6.5 | AI score: 6.3
Exploits: 0 | References: 1

OSV
added 2025/09/05 9:15 p.m. | 0 views

UBUNTU-CVE-2025-10061

An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This vulnerability could lead to deni...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.0014
Exploits: 0 | References: 3

Cvelist
added 2025/09/05 8:48 p.m. | 4 views

CVE-2025-10061 Malformed $group Query May Cause MongoDB Server to Crash

An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This vulnerability could lead to deni...

CVSS: 6.5 | EPSS: 0.0014
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/05 8:48 p.m. | 1 views

CVE-2025-10061 Malformed $group Query May Cause MongoDB Server to Crash

An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This vulnerability could lead to deni...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.0014
Exploits: 0 | References: 1

FreeBSD
added 2025/09/05 12:0 a.m. | 7 views

mongodb -- Malformed $group Query May Cause MongoDB Server to Crash

[email protected] reports: An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.0014
Exploits: 0 | References: 1

CNNVD
added 2025/09/05 12:0 a.m. | 2 views

MongoDB Server security vulnerability

MongoDB Server is a set of open source NoSQL databases from the American company MongoDB. The database provides collection-oriented storage, dynamic querying, data replication and automatic failover. A security vulnerability exists in MongoDB Server versions prior to 6.0.25, 7.0.22, 8.0.12, and...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.0014
Exploits: 0 | References: 2

Positive Technologies
added 2025/09/05 12:0 a.m. | 3 views

PT-2025-36331

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 6.0.25 MongoDB Server versions prior to 7.0.22 MongoDB Server versions prior to 8.0.12 MongoDB Server versions prior to 8.1.2 Description: An authorized user can cause a crash in the MongoDB Server through a...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.0014
Exploits: 0 | References: 10

OSV
added 2025/08/11 1:52 p.m. | 3 views

BIT-LIBPYTHON-2022-48566

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest...

CVSS: 5.9 | AI score: 7.1 | EPSS: 0.0009
Exploits: 1 | References: 5

Packet Storm News
added 2025/05/30 12:0 a.m. | 2 views

Compact and Selective Disclosure for Verifiable Credentials

Self-Sovereign Identity (SSI) is a novel identity model that empowers individuals with full control over their data, enabling them to choose what information to disclose, with whom, and when. This paradigm is rapidly gaining traction worldwide, supported by numerous initiatives such as the European...

AI score: 6.7
Exploits: 0

CheckPoint Security
added 2025/01/21 12:0 a.m. | 11 views

CVE-2024-52888 - Mobile Access File Share applications are vulnerable to stored XSS attacks

Symptoms - When an authenticated Mobile Access portal end-user browses to a File Share application, the portal may run a script while attempting to display a directory or some file's properties. Additionally, an authenticated attacker may store specially crafted file/dir names for other...

CVSS: 5.4 | AI score: 6.8 | EPSS: 0.00183
Exploits: 0

CheckPoint Security
added 2024/10/08 12:0 a.m. | 11 views

Check Point Response to CVE-2024-24914 - TCL substitution of global parameter values

Symptoms - After logging in to Gaia Portal, authenticated users (local Gaia users and RADIUS / TACACS users) may cause code injection in Gaia Portal because of unprotected global variables usage when processing the HTTP request in the TCL process. This issue received the ID CVE-2024-24914. Solution...

CVSS: 8 | AI score: 7.4 | EPSS: 0.00238
Exploits: 0

CheckPoint Security
added 2024/05/26 12:0 a.m. | 16 views

Preventative Hotfix for CVE-2024-24919 - Quantum Gateway Information Disclosure

Solution - This article refers to Quantum Security Gateways running Gaia OS and CloudGuard Network Security. For Quantum Spark Gateways that run a Gaia Embedded OS, see sk182357. Following our security update on May 27, 2024, Check Point's dedicated task force continues investigating attempts to ga...

CVSS: 8.6 | AI score: 6.4 | EPSS: 0.94342
Exploits: 52

SUSE CVE
added 2024/03/01 4:8 a.m. | 1 views

SUSE CVE-2021-46974

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix masking negation logic upon negative dst register. The negation logic for the case where the off_reg is sitting in the dst register is not correct given then we cannot just invert the add to a sub or vice versa. As a fix,...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00012
Exploits: 0 | References: 9