CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/03/09 9:15 a.m.•2 views

CVE-2025-41759

4.9CVSS5.8AI score

Vulnrichment•added 2026/03/09 8:16 a.m.•2 views

CVE-2025-41759 Use of wildcard (“*” or “all”) in Block list

4.9CVSS5.8AI score0.00016EPSS

CNNVD•added 2026/03/09 12:0 a.m.•2 views

MBS多款产品安全漏洞

MBS UBR-01 Mk II, etc., are products of the German MBS company. The MBS UBR-01 Mk II is a remote base station device. The MBS UBR-02 is also a remote base station device. The MBS UBR-LON is a communication interface device for industrial automation systems. Several MBS products have security...

4.9CVSS5.9AI score0.00016EPSS

Positive Technologies•added 2026/03/09 12:0 a.m.•5 views

PT-2026-24029

4.9CVSS5.8AI score0.00016EPSS

Hacker One•added 2026/03/07 11:41 a.m.•6 views

Nextcloud: Unquoted body background attribute enables CSS injection that bypasses remote image blocking

A vulnerability was discovered in Roundcube's HTML sanitizer that enabled CSS injection when the allowremote option was set to false. The sanitizer failed to quote the value of the background attribute from the email's element, allowing a crafted data: URI to terminate the url function and inject...

5.9AI score

Hacker One•added 2026/03/07 11:33 a.m.•5 views

Nextcloud: SMIL values and by attributes bypass remote image blocking via unvalidated resource-loading animations, enabling email tracking without consent

A vulnerability was discovered in the HTML sanitizer of the Roundcube webmail client. The vulnerability allowed attackers to bypass the "Block remote images" security feature by using SMIL animation attributes to load arbitrary external resources without validation. This could have enabled email...

6AI score

Fedora•added 2026/03/07 12:33 a.m.•5 views

[SECURITY] Fedora 44 Update: perl-Crypt-URandom-0.55-1.fc44

This Module is intended to provide an interface to the strongest available source of non-blocking randomness on the current platform...

7.5CVSS5.8AI score0.00062EPSS

RedhatCVE•added 2026/03/06 7:45 p.m.•1 views

CVE-2025-13476

Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection DPI systems to trivially identify and block proxy traffic, undermining censorship circumvention...

9.8CVSS5.8AI score0.0002EPSS

RedhatCVE•added 2026/03/06 7:45 p.m.•3 views

CVE-2026-27023

Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but did not validate redirect targets. An authenticated user who could control outbound request URLs e.g., webhook endpoints, image URLs could bypass...

5CVSS5.7AI score0.00042EPSS

Redos•added 2026/03/06 12:0 a.m.•2 views

ROS-20260306-73-0013

A vulnerability in the ptpvclockinuse function of the Linux operating system kernel is related to hangs due to resource re-blocking. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

5.5CVSS5.8AI score0.00084EPSS

NVD•added 2026/03/05 7:16 p.m.•3 views

CVE-2026-27023

5CVSS0.00042EPSS

Cvelist•added 2026/03/05 4:23 p.m.•26 views

CVE-2026-27023 Twenty: SSRF protection bypass via HTTP redirect following in secure HTTP client

5CVSS0.00042EPSS

EUVD•added 2026/03/05 4:23 p.m.•4 views

EUVD-2026-9845

5CVSS5.8AI score0.00042EPSS

ATTACKERKB•added 2026/03/05 4:23 p.m.•2 views

CVE-2026-27023

5CVSS5.8AI score0.00042EPSS

Exploits0References3Affected Software1

HackRead•added 2026/03/05 2:55 p.m.•7 views

Interview with Tom Howe of Hydrolix: AI Bots, the Friends, Foes, and Frenemies of Online Shopping

Hydrolix expert Tom Howe explains how AI bots impact ecommerce, how to spot good vs malicious bots, and why blocking them can hurt sales...

5.9AI score

OPENSUSE Linux•added 2026/03/05 12:0 a.m.•4 views

Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2026:0071-1 Rating: important References: 1255306 1255308 1257909 1258052 Cross-References: CVE-2025-68460 CVE-2025-68461 CVE-2026-25916 CVE-2026-26079 CVSS scores: CVE-2026-26079 SUSE: 5.3...

5.3CVSS6AI score0.06858EPSS

Exploits3References4

OPENSUSE Linux•added 2026/03/05 12:0 a.m.•4 views

Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2026:0070-1 Rating: important References: 1255306 1255308 1257909 1258052 Cross-References: CVE-2025-68460 CVE-2025-68461 CVE-2026-25916 CVE-2026-26079 CVSS scores: CVE-2026-26079 SUSE: 5.3...

5.3CVSS6AI score0.06858EPSS

Exploits3References4

Tenable Nessus•added 2026/03/05 12:0 a.m.•4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005682)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005682 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix warning - do not call blocking ops when !TASKRUNNING vub300enablesdioirq works...

5.5CVSS5.9AI score0.00016EPSS

Exploits0References4

CERT•added 2026/03/05 12:0 a.m.•4 views

A flawed TLS handshake implementation affects Viber Proxy in multiple platforms

Overview The Rakuten Viber messaging app for Android V25.7.2.0g and Windows V25.6.0.0-V25.8.1.0, has a flaw in its TLS handshake implementation when using the Cloak proxy configuration. This flaw allows for easy identification of proxy usage, potentially compromising user anonymity. Description...

9.8CVSS5.9AI score0.0002EPSS