CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

229 matches found

CVE-2026-47065

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS0.00046EPSS

Exploits0References1

CVE•added 2 days ago•23 views

CVE-2026-47065

CVE-2026-47065 (Apache MINA context) describes two deserialization bypass issues: first, resolveProxyClass bypasses the accept/allow-list when JDK resolves proxy interfaces from a serialized proxy via ObjectInputStream.readProxyDesc(), and second, readClassDescriptor triggers static initializers ...

9.8CVSS5.8AI score0.00046EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•4 views

CVE-2026-47065

9.8CVSS5.8AI score0.00046EPSS

Exploits0References2Affected Software1

EUVD•added 2 days ago•4 views

EUVD-2026-34069

9.8CVSS5.8AI score0.00046EPSS

Exploits0References1

OSV•added 3 days ago•5 views

EEF-CVE-2026-48597 Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint

Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme wit...

8.2CVSS5.8AI score0.00042EPSS

Exploits0References4

Snyk•added 4 days ago•2 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the HTML allowlist in dist/purify.cjs.js and related build artifacts. An attacker can inject a selectedcontent element into...

8.2CVSS5.7AI score

Exploits0References2

SUSE CVE•added 6 days ago•8 views

SUSE CVE-2026-48523

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00014EPSS

Exploits1References3

PyPA•added 2026/05/28 4:16 p.m.•6 views

PYSEC-0000-CVE-2026-48523

5.4CVSS5.8AI score0.00014EPSS

Exploits1References1Affected Software1

NVD•added 2026/05/28 4:16 p.m.•9 views

CVE-2026-48523

5.4CVSS0.00014EPSS

Exploits1References1

OSV•added 2026/05/28 4:16 p.m.•3 views

UBUNTU-CVE-2026-48523

5.4CVSS5.8AI score0.00014EPSS

Exploits1References3

EUVD•added 2026/05/28 3:10 p.m.•6 views

EUVD-2026-32918

5.4CVSS5.8AI score0.00014EPSS

Exploits1References1

Debian CVE•added 2026/05/28 3:10 p.m.•8 views

CVE-2026-48523

5.4CVSS5.8AI score0.00014EPSS

Exploits1

Cvelist•added 2026/05/28 3:10 p.m.•25 views

CVE-2026-48523 PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys

5.4CVSS0.00014EPSS

Exploits1References1

Vulnrichment•added 2026/05/28 3:10 p.m.•6 views

CVE-2026-48523 PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys

5.4CVSS5.8AI score0.00014EPSS

Exploits1References1

Positive Technologies•added 2026/05/28 12:0 a.m.•5 views

PT-2026-44395

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decode complete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00014EPSS

Exploits1References2

Tenable Nessus•added 2026/05/22 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-33376

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate...

7.4CVSS5.9AI score0.00018EPSS

Exploits0References2

Tenable Nessus•added 2026/05/22 12:0 a.m.•8 views

Grafana Labs < 11.6.14+security-04 / 12.2.0 < 12.2.8+security-04 / 12.3.0 < 12.3.6+security-04 / 12.4.0 < 12.4.3+security-02 / 13.0.0 < 13.0.1+security-01 Multiple Vulnerabilities

The version of Grafana Labs installed on the remote host is affected by multiple vulnerabilities, including: - A broken access control flaw in the Snapshot API allows any Editor to delete dashboard snapshots, even those they have no read or write access to. CVE-2026-28380 - When using an IPv6...

7.4CVSS5.9AI score0.00019EPSS

Exploits0References20

Tenable Nessus•added 2026/05/22 12:0 a.m.•3 views

Unity Linux 20.1060e / 20.1070e Security Update: grafana (UTSA-2026-016686)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016686 advisory. Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a...

8.5CVSS7.3AI score0.00099EPSS

Exploits0References4

OSV•added 2026/05/15 8:42 a.m.•2 views

BIT-GRAFANA-2026-33376 Auth Proxy IPv6 whitelist bypass

When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask usually /128 to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here...

7.4CVSS5.8AI score0.00018EPSS

Exploits0References2

SUSE CVE•added 2026/05/15 1:59 a.m.•4 views

SUSE CVE-2026-33376

7.4CVSS5.8AI score0.00018EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by