
6911 matches found

EUVD
added 2026/04/17 9:25 p.m. | 4 views

EUVD-2026-7736

Sentry: Improper authentication on SAML SSO process allows user identity linking...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00058
Exploits: 0 | References: 3
Vulnrichment
added 2026/04/17 9:5 p.m. | 0 views

CVE-2026-40351 FastGPT: NoSQL Injection in loginByPassword leads to Authentication Bypass

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object e.g., "$ne": "" as the password field. This NoSQL...

CVSS: 9.8 | AI score: 5.7 | EPSS: 0.00085
Exploits: 1 | References: 3
OSV
added 2026/04/17 12:59 p.m. | 2 views

OESA-2026-1914 systemd security update

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. Security Fixes: systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is...

CVSS: 6.7 | AI score: 6 | EPSS: 0.00026
Exploits: 0 | References: 3
Tenable Nessus
added 2026/04/17 12:0 a.m. | 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007614)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007614 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock Fix a race between inline data...

AI score: 5.9 | EPSS: 0.00058
Exploits: 0 | References: 4
OSV
added 2026/04/16 11:36 p.m. | 4 views

BIT-AUTHENTIK-2026-25922 authentik has a Signature Verification Bypass via SAML Assertion Wrapping

authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does not have the Encryption Certificate setting under...

CVSS: 8.8 | AI score: 5.7 | EPSS: 0.00012
Exploits: 0 | References: 5
RedHat Linux
added 2026/04/16 7:57 p.m. | 3 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

CVSS: 7.5 | AI score: 7 | EPSS: 0.0003
Exploits: 0 | References: 6
RedHat Linux
added 2026/04/16 7:46 p.m. | 5 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

CVSS: 7.5 | AI score: 7 | EPSS: 0.0003
Exploits: 0 | References: 6
RedHat Linux
added 2026/04/16 6:48 p.m. | 4 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

CVSS: 7.5 | AI score: 7 | EPSS: 0.0003
Exploits: 0 | References: 6
Tenable Nessus
added 2026/04/16 12:0 a.m. | 3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : nghttp2 (SUSE-SU-2026:1350-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1350-1 advisory. This update for nghttp2 fixes the following issue: - CVE-2026-27135: assertion failure due to missing sta...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.0003
Exploits: 0 | References: 4
RedHat Linux
added 2026/04/15 7:16 p.m. | 1 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

CVSS: 7.5 | AI score: 7 | EPSS: 0.0003
Exploits: 0 | References: 6
SUSE CVE
added 2026/04/14 11:25 p.m. | 3 views

SUSE CVE-2026-39956

jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the _strindices builtin in jq's src/builtin.c passes its arguments directly to jv_string_indexes without verifying they are strings, and jv_string_indexes in src/jv.c relies solely on assert checks that are...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00019
Exploits: 1 | References: 3
RedhatCVE
added 2026/04/14 7:23 p.m. | 1 views

CVE-2026-22560

An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00052
Exploits: 0 | References: 1
RedHat Linux
added 2026/04/14 7:23 a.m. | 2 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.0003
Exploits: 0 | References: 6
Redos
added 2026/04/14 12:0 a.m. | 2 views

ROS-20260414-73-0029

A vulnerability in the nested_svm_vmexit function of the arch/x86/kvm/svm/nested.c module of the virtualization subsystem on the x86 platform of the Linux operating system kernel is related to an uncontrolled reachable assertion. Exploitation of the vulnerability could allow an attacker to cause a...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00017
Exploits: 0
RedHat Linux
added 2026/04/13 6:36 p.m. | 0 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.0003
Exploits: 0 | References: 6
RedHat Linux
added 2026/04/13 2:27 a.m. | 1 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.0003
Exploits: 0 | References: 6
RedHat Linux
added 2026/04/13 2:25 a.m. | 1 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.0003
Exploits: 0 | References: 6
RedHat Linux
added 2026/04/13 1:43 a.m. | 1 views

nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination

A flaw was found in nghttp2. Due to missing internal state validation, the library continues to process incoming data even after a session has been terminated. A remote attacker could exploit this by sending a specially crafted HTTP/2 frame, leading to an assertion failure and a denial of service...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.0003
Exploits: 0 | References: 6
Oracle linux
added 2026/04/13 12:0 a.m. | 4 views

nghttp2 security update

1.33.0-6.2 - fix Denial of service: Assertion failure due to the missing state validation CVE-2026-27135...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.0003
Exploits: 0
Oracle linux
added 2026/04/12 12:0 a.m. | 7 views

nghttp2 security update

1.64.0-2.1 - fix Denial of service: Assertion failure due to the missing state validation CVE-2026-27135...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.0003
Exploits: 0