CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

520613 matches found

Snyk•added 2026/06/11 1:28 p.m.•3 views

Missing Release of Memory after Effective Lifetime

Overview io.netty:netty-codec-http2 is a HTTP2 sub package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in the DelegatingDecompressorFrameListener function...

7.5CVSS5.4AI score0.00609EPSS

Exploits0References2

Snyk•added 2026/06/11 1:26 p.m.•5 views

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime due to improper cleanup of pooled direct-memory buffers in the RedisArrayAggregator function. An attacker can exhaust the JVM-wide direct-memory pool by repeatedly opening and closing...

8.7CVSS5.5AI score0.00609EPSS

Exploits0References2

RedHat Linux•added 2026/06/11 1:24 p.m.•7 views

openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...

8.8CVSS5.9AI score0.01409EPSS

Exploits0References4

The Hacker News•added 2026/06/11 1:20 p.m.•8 views

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

It's been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there's a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents can be tricked into leaking real...

8.7CVSS6.9AI score0.0044EPSS

Exploits0

OSV•added 2026/06/11 1:16 p.m.•4 views

DEBIAN-CVE-2026-48998

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a server request URI from server variables. An attacker can provide a malformed Host header containing U...

5.3CVSS5.4AI score0.00313EPSS

Exploits0References1

NVD•added 2026/06/11 1:16 p.m.•9 views

CVE-2026-48998

5.3CVSS0.00313EPSS

Exploits0References1

NVD•added 2026/06/11 1:16 p.m.•6 views

CVE-2026-11956

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attac...

6.3CVSS0.00278EPSS

Exploits0References6

OSV•added 2026/06/11 1:16 p.m.•6 views

UBUNTU-CVE-2026-48998

5.3CVSS5.3AI score0.00313EPSS

Exploits0References3

RedHat Linux•added 2026/06/11 1:9 p.m.•4 views

openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

8.8CVSS5.9AI score0.01409EPSS

Exploits0References4

Github Security Blog•added 2026/06/11 1:4 p.m.•13 views

guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation

Impact guzzlehttp/psr7 improperly interpreted malformed Host header values when constructing request URIs from inbound request data. This issue concerns inbound request parsing and server request construction. It does not require serializing a PSR-7 request, and it is not part of the normal...

5.3CVSS5.5AI score0.00313EPSS

Exploits0References3Affected Software1

OSV•added 2026/06/11 1:4 p.m.•4 views

GHSA-34XG-WGJX-8XPH guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation

5.3CVSS5.5AI score0.00313EPSS

Exploits0References3

OSSF Malicious Packages•added 2026/06/11 1:2 p.m.•9 views

Malicious code in self-certificate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a2141f4facbd3abc437287c86971f1b3bb6795fad75990624f735b72139167d The package advertises itself as a self-signed certificate generator, but its main module index.js contains a loadSampleCertificate routine that read...

6.3AI score

Exploits0References1

OSV•added 2026/06/11 1:2 p.m.•4 views

MAL-2026-5644 Malicious code in self-certificate (npm)

6.3AI score

Exploits0References1

Rapid7 Blog•added 2026/06/11 1:0 p.m.•21 views

Criminal AI-as-a-Service in 2026: How the Underground Market Is Operationalizing Cybercrime

Introduction The underground market for criminally oriented generative AI has moved beyond the early hype surrounding 'malicious chatbots.' The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for ful...

6.2AI score

Exploits0

OSV•added 2026/06/11 12:51 p.m.•2 views

SUSE-SU-2026:22143-1 Security update for openssl-3-livepatches

This update for openssl-3-livepatches fixes the following issues - CVE-2025-11187: Improper validation of PBMAC1 parameters in PKCS12 MAC verification bsc1256878. - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing bsc1256876. - CVE-2025-15468: NULL dereference in SSLCIPHERfi...

8.8CVSS6.5AI score0.48666EPSS

Exploits7References10

EUVD•added 2026/06/11 12:34 p.m.•6 views

EUVD-2026-36239

5.3CVSS5.4AI score0.00313EPSS

Exploits0References1

Vulnrichment•added 2026/06/11 12:34 p.m.•5 views

CVE-2026-48998 guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation

5.3CVSS5.4AI score0.00313EPSS

Exploits0References1

CVE•added 2026/06/11 12:34 p.m.•45 views

CVE-2026-48998

GuzzleHttp/psr7 (PHP) before version 2.10.2 is affected by improper Host header validation when parsing raw HTTP requests or deriving a server request URI from server variables. An attacker can supply a Host header containing URI delimiters (for example [email protected]) that can be r...

5.3CVSS5.5AI score0.00313EPSS

Exploits0References1Affected Software1