CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7058 matches found

GithubExploit•added 2026/05/19 4:26 p.m.•164 views

Exploit for CVE-2026-45185

CVE-2026-45185 Nuclei Template Validation Lab This repository...

9.8CVSS6.1AI score0.01225EPSS

Exploits2

RedHat Linux•added 2026/05/19 1:29 p.m.•11 views

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...

6.5CVSS5.8AI score0.00252EPSS

Exploits0References6

ATTACKERKB•added 2026/05/19 12:49 p.m.•6 views

CVE-2026-23557

Any guest can cause xenstored to crash by issuing a XSRESETWATCHES command within a transaction due to an assert triggering. In case xenstored was built with NDEBUG defined nothing bad will happen, as assert is doing nothing in this case. Note that the default is not to define NDEBUG for xenstore...

6.5CVSS5.8AI score0.00158EPSS

Exploits0References2

Snyk•added 2026/05/18 3:48 p.m.•3 views

Undefined Behavior for Input to API

Overview Affected versions of this package are vulnerable to Undefined Behavior for Input to API in the comparator function responsible for ordering Datagram Transport Layer Security DTLS packets by sequence numbers. An attacker can cause unstable packet ordering or undefined behavior by sending...

8.7CVSS5.8AI score0.0082EPSS

Exploits0References2

OSSF Malicious Packages•added 2026/05/18 11:54 a.m.•8 views

Malicious code in ctf-flare (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 23293f1bc28e465f7ffaf916fd8a6cc3958b873a2b338b81c0bf71bb146d1d36 package.json declares a postinstall script that runs node src/install.js after building a local binary. src/install.js is a 175 KB single-line payloa...

5.8AI score

Exploits0References1

Positive Technologies•added 2026/05/18 12:0 a.m.•9 views

PT-2026-41688

Summary The custom html purify validation rule used to sanitize blog post bodies relies on by-reference mutation ?string &$str, but CodeIgniter 4's validator passes a local copy of the value, so the sanitized text is silently discarded. The Blog controller writes $lanData'content' directly into...

5.4CVSS5.7AI score0.00029EPSS

Exploits0References4

OSSF Malicious Packages•added 2026/05/16 3:36 a.m.•11 views

Malicious code in apexomni-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24e9d6ad71ac3eb0c091e0d70625e7daec5ed0352e8b8a4ed2273f2563aafad9 The package apexomni-node was found to contain malicious code. Source: ghsa-malware 7412ab94dec4136827a9aaa0f414452c3bbf8f23b2ea6820b29a1b4e8cc156f5...

5.8AI score

Exploits0References1

RedhatCVE•added 2026/05/15 4:13 p.m.•6 views

CVE-2026-7258

A flaw was found in PHP. Some functions, including urldecode, incorrectly pass signed characters to character type ctype functions. On certain systems, this can lead to accessing memory with a negative offset. This vulnerability can be exploited by an attacker to trigger a denial of service DoS,...

7.5CVSS5.6AI score0.00337EPSS

Exploits0References4

hivepro•added 2026/05/15 6:26 a.m.•13 views

Top Cybersecurity Frameworks Compared

Top Cybersecurity Frameworks Compared: NIST, CIS, and MITRE ATT&CK Security leaders do not need another framework for the sake of paperwork. They need a practical way to decide which cybersecurity frameworks help the business govern risk, harden defenses, and validate whether controls can withsta...

5.9AI score

Exploits0

Cvelist•added 2026/05/15 2:42 a.m.•37 views

CVE-2025-66660

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCHECKTACOMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior...

1.8CVSS0.00101EPSS

Exploits0References1

Positive Technologies•added 2026/05/15 12:0 a.m.•10 views

PT-2026-41256

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV SOC CMD ID SRIOV CHECK TA COMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior...

1.8CVSS5.8AI score0.00101EPSS

Exploits0References2

Positive Technologies•added 2026/05/15 12:0 a.m.•9 views

PT-2026-41259

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV SOC CMD ID SRIOV COPY VF CHIPLET REGS to write invalid data to a remote Die, potentially resulting in unexpected behavior...

1.8CVSS5.8AI score0.00101EPSS

Exploits0References2

Tenable Nessus•added 2026/05/15 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-42327

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from...

8.7CVSS5.9AI score0.00211EPSS

Exploits0References3

OSV•added 2026/05/14 9:16 p.m.•2 views

DEBIAN-CVE-2026-42327

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

8.7CVSS5.9AI score0.00211EPSS

Exploits0References1