CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1933 matches found

Positive Technologies•added 2026/04/06 12:0 a.m.•3 views

PT-2026-30594

A security flaw has been discovered in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Affected is an unknown function of the file /admin/Add%20notice/batch-notice.php. Performing a manipulation of the argument $ SERVER'PHP SELF' results in cross site scripting...

4.8CVSS4.4AI score0.00035EPSS

Exploits0References6

CNNVD•added 2026/04/06 12:0 a.m.•5 views

Student-Management-System 代码注入漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. Versions of Student-Management-System 1a938fa61e9f735078e9b291d2e6215b4942af3f and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of the...

4.8CVSS5.7AI score0.00035EPSS

Exploits0References5

SUSE CVE•added 2026/04/03 11:25 p.m.•1 views

SUSE CVE-2026-31398

In the Linux kernel, the following vulnerability has been resolved: mm/rmap: fix incorrect pte restoration for lazyfree folios We batch unmap anonymous lazyfree folios by foliounmapptebatch. If the batch has a mix of writable and non-writable bits, we may end up setting the entire batch writable...

7.8CVSS5.8AI score0.00015EPSS

Exploits0References3

Github Security Blog•added 2026/04/03 9:51 p.m.•2 views

vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from_url `

Summary A Server Side Request Forgery SSRF vulnerability in downloadbytesfromurl allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from the server, without any URL validation or domain restrictions. This can be used to target...

5.4CVSS6.1AI score0.00046EPSS

Exploits1References5Affected Software1

OSV•added 2026/04/03 9:51 p.m.•2 views

GHSA-PF3H-QJGV-VCPR vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from_url `

5.4CVSS6.1AI score0.00046EPSS

Exploits1References5

EUVD•added 2026/04/03 6:31 p.m.•2 views

EUVD-2026-18778

5.8AI score0.00015EPSS

Exploits0References4

RedhatCVE•added 2026/04/03 5:46 p.m.•1 views

CVE-2026-31398

A flaw was found in the Linux kernel's memory management unit MMU. A local user could exploit this vulnerability by manipulating memory operations, leading to incorrect page table entry PTE restoration for lazyfree folios during batch unmapping. This issue can cause memory pages with mixed writab...

7.8CVSS5.8AI score0.00015EPSS

Exploits0References4

NVD•added 2026/04/03 4:16 p.m.•0 views

CVE-2026-31398

7.8CVSS0.00015EPSS

Exploits0References3

OSV•added 2026/04/03 4:16 p.m.•5 views

UBUNTU-CVE-2026-31398

7.8CVSS5.7AI score0.00015EPSS

Exploits0References6

UbuntuCve•added 2026/04/03 4:16 p.m.•2 views

CVE-2026-31398

7.8CVSS5.8AI score0.00015EPSS

Exploits0References5

Cvelist•added 2026/04/03 3:16 p.m.•20 views

CVE-2026-31398 mm/rmap: fix incorrect pte restoration for lazyfree folios

7.8CVSS0.00015EPSS

Exploits0References3

CVE•added 2026/04/03 3:16 p.m.•6 views

CVE-2026-31398

Summary (CVE-2026-31398) : A Linux kernel MMU issue in the rmap code affects lazyfree folios during batch unmapping. When a folio’s pages have a mix of writable and non-writable PTEs, the batch restoration path could mark the entire batch writable, breaking CoW semantics and potentially causing a...

7.8CVSS5.8AI score0.00015EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 2026/04/03 3:16 p.m.•1 views

CVE-2026-31398

5.8AI score0.00015EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/04/03 12:0 a.m.•2 views

PT-2026-30275

Summary A Server Side Request Forgery SSRF vulnerability in download bytes from url allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from the server, without any URL validation or domain restrictions. This can be used to target...

5.4CVSS6.1AI score0.00046EPSS

Exploits1References6

CNNVD•added 2026/04/03 12:0 a.m.•3 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper restoration of writable and soft dirty bits during batch processing, potentially...

7.8CVSS5.8AI score0.00015EPSS

Exploits0References3

GithubExploit•added 2026/04/02 4:26 p.m.•67 views

mansstimap

mansstimap SSTI Manager - Advanced SSTI Detection & Exploita...

6.1AI score

Exploits0

Snyk•added 2026/04/01 8:30 p.m.•1 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via batch operation. An attacker can perform unauthorized operations such as signaling, deleting, or resetting workflows or activities in another namespace by manipulating the namespace...

4.9CVSS5.9AI score0.00058EPSS

Exploits0References2

Snyk•added 2026/04/01 8:30 p.m.•0 views

Authorization Bypass Through User-Controlled Key

4.9CVSS5.9AI score0.00058EPSS

Exploits0References2

ATTACKERKB•added 2026/04/01 5:49 p.m.•1 views

CVE-2026-5199

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

2.3CVSS6AI score0.00058EPSS

Exploits0References3Affected Software1

CVE•added 2026/04/01 5:49 p.m.•12 views

CVE-2026-5199

The CVE-2026-5199 issue arises from a bug in Temporal Server v1.29.0 where a writer in an attacker-controlled namespace could signal, delete, or reset workflows/activities in a victim namespace on the same cluster. The root cause is that the batch activity validated the victim namespace ID but di...

2.3CVSS6AI score0.00058EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by