CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/04/13 3:31 p.m.•0 views

CVE-2026-6231

The bsonvalidate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that re...

5.3CVSS5.8AI score0.00184EPSS

Exploits0References2Affected Software1

OSV•added 2026/04/13 12:31 p.m.•4 views

GHSA-7549-GGPQ-22W8 Duplicate Advisory: LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pr3g-phhr-h8fh. This link is maintained to preserve external references. Original Description LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing...

EUVD•added 2026/04/13 12:31 p.m.•1 views

Exploits1References4

EUVD-2026-21908

LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server...

Github Security Blog•added 2026/04/13 12:31 p.m.•6 views

Exploits1References3

Duplicate Advisory: LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write

Exploits1References4Affected Software1

NVD•added 2026/04/13 11:16 a.m.•5 views

CVE-2026-6204

8.5CVSS0.07533EPSS

Cvelist•added 2026/04/13 10:56 a.m.•27 views

CVE-2026-6204

8.5CVSS0.07533EPSS

ATTACKERKB•added 2026/04/13 10:56 a.m.•2 views

CVE-2026-6204

Vulnrichment•added 2026/04/13 10:56 a.m.•0 views

CVE-2026-6204

Packet Storm News•added 2026/04/13 12:0 a.m.•3 views

YARA-X 1.15.0

YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...

5.8AI score

CNNVD•added 2026/04/13 12:0 a.m.•5 views

LibreNMS 安全漏洞

LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 26.3.0 contained security vulnerabilities, which were caused ...

8.5CVSS6.2AI score0.07533EPSS

Positive Technologies•added 2026/04/13 12:0 a.m.•1 views

PT-2026-32331

Fedora•added 2026/04/12 3:53 p.m.•6 views

Exploits1References3

[SECURITY] Fedora 42 Update: libmicrohttpd-1.0.3-1.fc42

GNU libmicrohttpd is a small C library that is supposed to make it easy to run an HTTP server as part of another application. Key features that distinguish libmicrohttpd from other projects are: C library: fast and small API is simple, expressive and fully reentrant Implementation is http 1.1...

8.7CVSS5.8AI score0.00374EPSS

Packet Storm News•added 2026/04/12 12:0 a.m.•2 views

Machine Learning-Based Detection of MCP Attacks

The Model Context Protocol MCP is a new and emerging technology that extends the functionality of large language models, improving workflows but also exposing users to a new attack surface. Several studies have highlighted related security flaws, but MCP attack detection remains underexplored. To...

5.9AI score

Snyk•added 2026/04/10 10:9 p.m.•3 views

Timing Attack

Overview phpseclib/phpseclib is a PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc. Affected versions of this package are vulnerable to Timing Attack via the getbinarypacket function. An attacker can potentially infer sensitive information about the...

6.3CVSS5.8AI score0.00334EPSS

Exploits0References2

OSV•added 2026/04/10 9:16 p.m.•2 views

DEBIAN-CVE-2026-40194

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

EUVD•added 2026/04/10 8:58 p.m.•2 views

Exploits0References1

EUVD-2026-21597

phpseclib has a variable-time HMAC comparison in SSH2::getbinarypacket using != instead of hashequals...

Github Security Blog•added 2026/04/10 8:58 p.m.•6 views

Exploits0References5

phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()

phpseclib SSH2: Variable-time comparison in HMAC verification Summary phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp, which short-circuits on the first differi...

3.7CVSS5.9AI score0.00334EPSS

Exploits0References7Affected Software1

Vulnrichment•added 2026/04/10 8:24 p.m.•1 views

CVE-2026-40194 phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()

CVE•added 2026/04/10 8:24 p.m.•34 views

Exploits0References5

CVE-2026-40194

CVE-2026-40194 affects the phpseclib PHP secure communications library. Prior to versions 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() compares the received SSH packet HMAC to the computed HMAC using the != operator. In PHP, != on equal-length binary strings invokes memcmp(...