CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

171 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are vulnerable to a Out-of-Bounds Read vulnerability in the nscrledecompressdata function. The Out-of-Bounds Read vulnerability occurs because the function processes...

7.5CVSS7AI score0.00293EPSS

Exploits1References2

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the generalLumaToYUV444 function. This Out-Of-Bounds Read occurs because processing is done on the in variable without checking if it...

9.1CVSS6.9AI score0.00103EPSS

Exploits1References2

vulnersOsv•added 2026/04/10 5:8 p.m.•3 views

bg.codexio.ai:openai-api-examples (>=0.8.0.BETA <=0.9.0.BETA-JDK17), ch.cern:cerndb-sw-zkpolicy (=1.0.1-21) +305 more potentially affected by CVE-2026-34479 via org.apache.logging.log4j:log4j-core (>=3.0.0-alpha1 <=3.0.0-beta3)

org.apache.logging.log4j:log4j-core MAVEN version =3.0.0-alpha1, =0.8.0.BETA, =1.0.0, =0.0.2, =00.00.03, =1.0.6, =1.0.7, =1.0.0, =2.0.21, =1.0, =1.0.2 and more Source cves: CVE-2026-34479 Source advisory: SNYK:JAVA-ORGAPACHELOGGINGLOG4J-15967804...

7.5CVSS5.8AI score0.00126EPSS

Exploits1

vulnersOsv•added 2026/04/10 5:6 p.m.•3 views

bg.codexio.ai:openai-api-examples (>=0.8.0.BETA <=0.9.0.BETA-JDK17), ch.cern:cerndb-sw-zkpolicy (=1.0.1-21) +305 more potentially affected by CVE-2026-34480 via org.apache.logging.log4j:log4j-core (>=3.0.0-alpha1 <=3.0.0-beta3)

org.apache.logging.log4j:log4j-core MAVEN version =3.0.0-alpha1, =0.8.0.BETA, =1.0.0, =0.0.2, =00.00.03, =1.0.6, =1.0.7, =1.0.0, =2.0.21, =1.0, =1.0.2 and more Source cves: CVE-2026-34480 Source advisory: SNYK:JAVA-ORGAPACHELOGGINGLOG4J-15967769...

7.5CVSS5.8AI score0.00034EPSS

Exploits0

Vulnrichment•added 2026/03/05 9:59 p.m.•2 views

CVE-2026-28393 OpenClaw 2.0.0-beta3 < 2026.2.14 - Arbitrary JavaScript Module Loading via Hook Transform Path Traversal

OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows arbitrary JavaScript execution. The hooks.mappings.transform.module parameter accepts absolute paths and traversal sequences, enabling attackers with configuration...

8.3CVSS6AI score0.00111EPSS

Exploits0References4

Cvelist•added 2026/03/05 8:38 p.m.•23 views

CVE-2026-28442 ZimaOS: Arbitrary Deletion of Internal System Files via API Path Manipulation

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be...

8.5CVSS0.00071EPSS

Exploits1References1

CVE•added 2026/03/05 8:38 p.m.•6 views

CVE-2026-28442

ZimaOS 1.5.2-beta3 (a CasaOS fork) exposes an improper input validation and broken access control in filesystem operations. By altering the path parameter in the delete API, restricted system files/directories can be removed, bypassing UI protections. Backend lacks validation to ensure the path i...

8.5CVSS5.9AI score0.00071EPSS

Exploits1References1Affected Software1

CNNVD•added 2026/03/05 12:0 a.m.•3 views

ZimaOS 安全漏洞

ZimaOS is an open-source operating system project by IceWhaleTech, aimed at providing a lightweight, high-performance, and secure operating system environment. Version ZimaOS 1.5.2-beta3 contains a security vulnerability, which stems from insufficient validation of API path parameters. This...

8.5CVSS5.8AI score0.00071EPSS

Exploits1References1

Positive Technologies•added 2026/03/02 12:0 a.m.•3 views

PT-2026-22628

Name of the Vulnerable Software and Affected Versions ZimaOS version 1.5.2-beta3 Description ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application restricts file and folder creation in internal OS paths through the...

9.9CVSS5.9AI score0.00092EPSS

Exploits2References14

OSV•added 2026/02/13 8:52 p.m.•2 views

GHSA-QHP6-6P8P-2RQH Wildfly Elytron integration susceptible to brute force attacks via CLI

Impact A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. Patches The default behaviour has been changed in...

8.1CVSS5.3AI score0.00373EPSS

Exploits1References10