CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 4 days ago•4 views

PT-2026-49581

An issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property bindings. Specifically, when a native DOM property that requires sanitization such as innerHTML, srcdoc, src, href, data, or sandbox is bound using the two-way binding syntax...

5.3CVSS5.7AI score0.00077EPSS

Positive Technologies•added 4 days ago•8 views

PT-2026-49167

A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file appmodulesmedicalportrestcontrollersPatientController.php of the component HTTP REST API. The manipulation of the argument ID results ...

5.3CVSS5.1AI score0.00226EPSS

Exploits0References6

Positive Technologies•added 4 days ago•6 views

PT-2026-49527

Name of the Vulnerable Software and Affected Versions Socket versions prior to 2.041 Description An out-of-bounds heap read exists in the pack ip mreq source function. The issue occurs because the function validates the length of the source argument using the byte length of the preceding multiadd...

9.1CVSS5.1AI score0.00394EPSS

CVE•added 4 days ago•10 views

CVE-2025-55647

The CVE-2025-55647 entry concerns GPAC MP4Box v2.4. The vulnerability is an Out-of-Memory in mp4_mux_cenc_insert_pssh (filters/mux_isom.c) that allows a crafted MP4 file to cause a Denial of Service. Affected component is the mp4_mux_cenc_insert_pssh function; the root cause is memory exhaustion ...

5.5CVSS5.2AI score0.00167EPSS

Exploits1References2Affected Software1

Packet Storm•added 4 days ago•33 views

📄 FreeType SHZ 2.14.3 Heap Buffer Overflow

This Python proof of concept framework is designed for security research into a reported heap buffer overflow condition affecting the FreeType TrueType bytecode interpreter. The code constructs specially crafted font structures intended to exercise the SHZ instruction path, generates malformed...

5.8AI score

Positive Technologies•added 4 days ago•14 views

PT-2026-49562

A Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber function, which is also utilized by DecimalPipe, PercentPipe, and CurrencyPipe, does not properly validate the upper bounds of the digitsInfo parameter. Specifically, the minimum and maximum...

8.2CVSS5.5AI score0.00063EPSS

Exploits0References4

Positive Technologies•added 4 days ago•10 views

PT-2026-49341

Name of the Vulnerable Software and Affected Versions GStreamer affected versions not specified Description A flaw exists in the WavPack audio decoder within gst-plugins-good. An integer overflow occurs during the buffer size calculation 4 block samples channels inside the gst wavpack dec handle...

7.6CVSS6.1AI score0.00238EPSS

Tenable Nessus•added 4 days ago•5 views

TencentOS Server 4: vim (TSSA-2026:0347)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0347 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

7CVSS5.5AI score0.00573EPSS

Exploits0References3

Positive Technologies•added 4 days ago•7 views

PT-2026-49291

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function action unlock sim via the pin parameter...

5.3AI score0.01046EPSS

Exploits0References2

Tenable Nessus•added 4 days ago•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-11850

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an...

5CVSS5.3AI score0.00261EPSS

Exploits0References4

8.6CVSS5.5AI score0.00329EPSS

GeoVision LPC2011/LPC2211 Web Interface guessable session cookie vulnerability

Summary A guessable session cookie vulnerability exists in the Web Interface functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability. Confirmed...

9.9CVSS6.4AI score0.01606EPSS

GeoVision LPC2011/LPC2211 DdnsSetting.cgi OS command injection vulnerability

Summary A OS command injection vulnerability exists in the DdnsSetting.cgi functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability. Confirmed...

9.3CVSS5.6AI score0.00214EPSS

GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability

Summary A insufficient encryption vulnerability exists in the Device Authentication functionality of GV-IP Device Utility versions: 9.0.5. A specially crafted network sniffing can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. Confirmed...

9.8CVSS6.2AI score0.00534EPSS

GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability

Summary A stack overflow vulnerability exists in the WebCam Server Login functionality of GV-VMS V20 versions: 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. Confirmed Vulnerable...