CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 4 days ago•4 views

SUSE CVE-2026-46327

In the Linux kernel, the following vulnerability has been resolved: dm: fix unlocked test for dmsuspendedmd The function dmblkreportzones tests if the device is suspended with the "dmsuspendedmd" call. However, this function is called without holding any locks, so the device may be suspended just...

5.4AI score0.00018EPSS

NVD•added 4 days ago•7 views

CVE-2026-45329

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...

7.1CVSS0.00024EPSS

NVD•added 4 days ago•9 views

CVE-2026-44634

SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy BLE. Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleblewrite function local,...

8.7CVSS0.00042EPSS

Snyk•added 4 days ago•2 views

Cross-site Scripting (XSS)

Overview org.springframework.security:spring-security-saml2-service-provider is a security component for the Spring Framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the RelyingPartyRegistration function. An attacker can execute arbitrary scripts in the...

7.6CVSS5.3AI score0.00079EPSS

Snyk•added 4 days ago•2 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the RabbitConnectionFactoryBean.setUri function when configuring a broker connection with an amqps:// URI without also invoking setUseSSLtrue. An attacker can intercept or manipulate encrypted traffic ...

6.3CVSS5.3AI score0.00016EPSS

Snyk•added 4 days ago•3 views

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' in the SpelPropertyComparator function. An attacker can execute arbitrary SpEL expressions by supplying crafted input t...

6.4CVSS5.7AI score0.00046EPSS

Snyk•added 4 days ago•4 views

Insecure Randomness

Overview Affected versions of this package are vulnerable to Insecure Randomness via the sendAndReceive function when using a fixed reply queue, due to correlation IDs being generated sequentially by an internal counter. An attacker can intercept or inject unauthorized replies by predicting...

4.4CVSS5.3AI score0.00025EPSS

Snyk•added 4 days ago•2 views

Open Redirect

Overview org.springframework.security:spring-security-web is a package within Spring Security that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Open Redirect in the CookieRequestCache function. An attacker can redirect users to arbitra...

6.1CVSS5.6AI score0.00034EPSS

Snyk•added 4 days ago•4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the DelegatingDeserializer function. An attacker can exhaust system memory by sending records with unique, random spring.kafka.serialization.selector header values, leading to...

7.1CVSS5.3AI score0.0004EPSS

Cvelist•added 4 days ago•30 views

CVE-2026-45329 ESF-IDF: Out-of-Bounds Read in ESP-TEE Secure Service Wrappers

7.1CVSS0.00024EPSS

CVE•added 4 days ago•9 views

CVE-2026-45329

ESF-IDF (Espressif IoT Development Framework) contains a vulnerability in ESP-TEE secure-service wrappers (esp_secure_services.c and esp_secure_services_iram.c) affecting versions 5.5.4 and 6.0. Several caller-supplied pointer arguments were not fully validated, allowing inputs to reference TEE-e...

7.1CVSS5.4AI score0.00024EPSS

Exploits0References4Affected Software1

EUVD•added 4 days ago•6 views

EUVD-2026-35917

7.1CVSS5.4AI score0.00024EPSS

Vulnrichment•added 4 days ago•4 views

CVE-2026-45329 ESF-IDF: Out-of-Bounds Read in ESP-TEE Secure Service Wrappers

7.1CVSS5.4AI score0.00024EPSS

EUVD•added 4 days ago•8 views

EUVD-2026-35841

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to...

6.1CVSS5.6AI score0.00055EPSS

NVD•added 4 days ago•5 views

CVE-2026-46539

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::isblockproven causes the function to return true without performing any cryptographic verification when getinterlinkhops...

5.9CVSS0.00014EPSS