CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 3 days ago•2 views

RUSTSEC-2026-0170 tide is unmaintained

The tide crate is unmaintained, and all versions are affected. The closest maintained alternative might be trillium. See this issue for more context...

5.8AI score

RustSec•added 3 days ago•5 views

tide is unmaintained

The tide crate is unmaintained, and all versions are affected. The closest maintained alternative might be trillium. See this issue for more context...

5.8AI score

SUSE CVE•added 3 days ago•6 views

SUSE CVE-2026-27145

EUVD•added 4 days ago•9 views

EUVD-2026-34038

5.9AI score0.00009EPSS

Positive Technologies•added 4 days ago•6 views

PT-2026-45962

crypton-x509-validation and crypton-x509 do not enforce X.509 Name Constraints The crypton-x509-validation and crypton-x509 libraries did not enforce the X.509 Name Constraints extension during certificate validation. The Name Constraints extension is a critical X.509 extension that restricts the...

5.9AI score

Tenable Nessus•added 4 days ago•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-27145

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, . t...

OSV•added 5 days ago•4 views

DEBIAN-CVE-2026-27145

ATTACKERKB•added 5 days ago•5 views

Exploits0References1

CVE-2026-27145

5.9AI score0.00009EPSS

Exploits0References5Affected Software1

Vulnrichment•added 5 days ago•5 views

CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509

5.9AI score0.00009EPSS

Exploits0References4

CVE•added 5 days ago•26 views

CVE-2026-27145

The CVE-2026-27145 issue affects the Go standard library’s crypto/x509 VerifyHostname path, where VerifyHostname previously calls matchHostnames in a loop over all DNS SAN entries. This design causes strings.Split(host, ".") to run repeatedly on the same input, leading to a quadratic increase in ...

Debian CVE•added 5 days ago•5 views

Exploits0References4

CVE-2026-27145

OSV•added 5 days ago•6 views

GO-2026-5037 Inefficient candidate hostname parsing in crypto/x509

Nuclei•added 5 days ago•27 views

Node.js st module Directory Traversal

A directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in an unspecified path. id: CVE-2014-3744 info: name: Node.js st module Directory Traversal author: geeknik severity: high description: A...

7.5CVSS7.3AI score0.7817EPSS

Redos•added 2026/05/29 12:0 a.m.•7 views

ROS-20260529-73-0012

The vulnerability of HashiCorp’s Vault Community Edition and Vault Enterprise, platforms for archiving corporate information, lies in the ability to bypass authentication by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to cause service interruptions...

8.1CVSS5.8AI score0.0002EPSS

Packet Storm•added 2026/05/29 12:0 a.m.•28 views

📄 EspoCRM 9.3.3 Server-Side Request Forgery

EspoCRM version 9.3.3 suffers from an authenticated server-side request forgery vulnerability. Exploit Title: EspoCRM 9.3.3 - Authenticated SSRF via Alternative IPv4 Notation Google Dork: N/A Date: 2026-05-08 Exploit Author: Max Gabriel https://github.com/EntroVyx Vendor Homepage:...

4.3CVSS5.8AI score0.0087EPSS

Exploits4

SUSE CVE•added 2026/05/28 3:58 a.m.•9 views

SUSE CVE-2026-42790

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeycert and publickey modules allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...

7.6CVSS5.8AI score0.00021EPSS

Debian CVE•added 2026/05/27 3:9 p.m.•6 views

CVE-2026-42790

8.1CVSS5.8AI score0.00021EPSS