CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/04/06 7:58 a.m.•2 views

BIT-NODE-2026-21712

5.7CVSS6.7AI score0.00325EPSS

OSV•added 2026/04/03 1:8 p.m.•3 views

JLSEC-2026-22

The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service assertion failure and application exit via a '!2' string...

7.5CVSS6AI score0.02249EPSS

Exploits1References4

Microsoft CVE•added 2026/04/02 8:1 a.m.•7 views

iconv crash due to assertion failure with untrusted input

...

7.5CVSS5.8AI score0.00357EPSS

Exploits1

CNVD•added 2026/04/02 12:0 a.m.•3 views

FreeRDP Denial of Service Vulnerability (CNVD-2026-16035)

FreeRDP is an open source Remote Desktop Protocol RDP implementation library and client . A denial of service vulnerability exists in FreeRDP. The vulnerability arises because the IMA ADPCM audio decoding process does not validate the step index parameter, resulting in out-of-bounds access to the...

6.9CVSS5.9AI score0.00256EPSS

Exploits1

CVE•added 2026/03/30 9:42 p.m.•22 views

CVE-2026-33952

FreeRDP prior to 3.24.2 is affected by CVE-2026-33952, where an unvalidated auth_length read from the network triggers a WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks() and causes a client crash via RPC-over-HTTP gateway. The issue is mitigated by upgrading to FreeRDP 3.24.2 or later...

6.5CVSS5.8AI score0.00271EPSS

Exploits1References2Affected Software1

Debian CVE•added 2026/03/30 9:41 p.m.•2 views

CVE-2026-33977

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value = 89. The unvalidated step index is read directly from the network and...

6.9CVSS4.7AI score0.00256EPSS

Exploits1

EUVD•added 2026/03/30 6:31 p.m.•2 views

EUVD-2026-17093

Cvelist•added 2026/03/30 5:16 p.m.•23 views

CVE-2026-4046 iconv crash due to assertion failure with untrusted input

The iconv function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and...

0.00357EPSS

Exploits1References3

NVD•added 2026/03/30 4:16 p.m.•2 views

CVE-2026-21712

5.7CVSS0.00325EPSS

OSV•added 2026/03/30 4:16 p.m.•1 views

ALPINE-CVE-2026-21712

Cvelist•added 2026/03/30 3:13 p.m.•20 views

Exploits0References1

CVE-2026-21712

5.7CVSS0.00325EPSS

CVE•added 2026/03/30 3:13 p.m.•12 views

CVE-2026-21712

CVE-2026-21712 affects the Node.js package nodejs24 for versions less than 24.14.1-1 . The issue is a flaw in Node.js URL processing that triggers an assertion failure in native code when url.format() is called with a malformed internationalized domain name (IDN) containing invalid characters, cr...

Vulnrichment•added 2026/03/30 3:13 p.m.•2 views

CVE-2026-21712

Debian CVE•added 2026/03/30 3:13 p.m.•2 views

CVE-2026-21712

5.7CVSS6.4AI score0.00325EPSS

Exploits0

CNNVD•added 2026/03/30 12:0 a.m.•5 views

FreeRDP 安全漏洞

6.9CVSS5.8AI score0.00256EPSS

Exploits1References3

OSV•added 2026/03/27 2:4 p.m.•2 views

OESA-2026-1754 nghttp2 security update

The framing layer of HTTP/2 is implemented as a form of reusable C library. On top of that, we have implemented HTTP/2 client, server and proxy. We have also developed load test and benchmarking tool for HTTP/2. Security Fixes: A security vulnerability exists in nghttp2 library where missing stat...

7.5CVSS5.9AI score0.0056EPSS

OSV•added 2026/03/26 12:39 p.m.•0 views

SUSE-SU-2026:1074-1 Security update for nghttp2

This update for nghttp2 fixes the following issues: - CVE-2026-27135: Assertion failure due to missing state validation can lead to DoS bsc1259845...

7.5CVSS5.9AI score0.0056EPSS