200 matches found
SUSE CVE-2026-9516
Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decode_json advances the input scalar's string pointer past the mark with SvPV_set and restores it only on the normal return...
CVE-2026-9516
A flaw was found in Cpanel::JSON::XS, a Perl module used for processing JSON data. This vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted input that begins with a UTF-8 Byte Order Mark (BOM). When a decode filter callback encounters an error with...
UBUNTU-CVE-2026-9516
Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decode_json advances the input scalar's string pointer past the mark with SvPV_set and restores it only on the normal return...
CVE-2026-9516 Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws
Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decode_json advances the input scalar's string pointer past the mark with SvPV_set and restores it only on the normal return...
CVE-2026-9516
Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decode_json advances the input scalar's string pointer past the mark with SvPV_set and restores it only on the normal return...
CVE-2026-9516
CVE-2026-9516 affects Cpanel::JSON::XS for Perl prior to 4.41. A UTF-8 BOM prefixed input with a throwing decode filter callback can cause the decoder to skip restoration of the input pointer, leaving the scalar with an offset pointer. When the scalar is freed, the allocator may receive an invali...
PT-2026-45892
Name of the Vulnerable Software and Affected Versions: Cpanel::JSON::XS versions prior to 4.41. Description: An issue exists where providing input prefixed with a UTF-8 Byte Order Mark (BOM) can lead to a denial of service. When the decode_json function processes a 3-byte UTF-8 BOM, it advances the...
Cpanel::JSON::XS security vulnerability
Cpanel::JSON::XS is a tool by the individual developer RURBAN that converts Perl data structures into JSON format. Versions of Cpanel::JSON::XS prior to 4.41 contained security vulnerabilities. These vulnerabilities stemmed from exceptions thrown during the decoding filter callback,...
GHSA-GM2X-2G9H-CCM8 vulnerabilities
Vulnerabilities for packages: gitaly-fips, gitlab-rails-ce, cerbos-fips, nemo, kyverno, kaniko-fips, teleport, cloudbeat-fips, cg, guac, tfsec, apko-fips, argo-cd-fips, argocd-image-updater-fips, external-secrets-operator, snyk-cli, packer-fips, trivy, bom, gomplate, pulumi-language-yaml, xeol,...
CVE-2026-33762 vulnerabilities
Vulnerabilities for packages: gitaly-fips, gitlab-rails-ce, cerbos-fips, nemo, kyverno, kaniko-fips, teleport, cloudbeat-fips, cg, guac, tfsec, apko-fips, argo-cd-fips, argocd-image-updater-fips, external-secrets-operator, snyk-cli, packer-fips, trivy, bom, gomplate, pulumi-language-yaml, xeol,...
CVE-2026-34165 vulnerabilities
Vulnerabilities for packages: gitaly-fips, gitlab-rails-ce, cerbos-fips, nemo, kyverno, kaniko-fips, teleport, cloudbeat-fips, cg, guac, tfsec, apko-fips, argo-cd-fips, argocd-image-updater-fips, external-secrets-operator, snyk-cli, packer-fips, trivy, bom, gomplate, pulumi-language-yaml, xeol,...
GHSA-JHF3-XXHW-2WPP vulnerabilities
Vulnerabilities for packages: trufflehog, snyk-cli, kubevela, nfpm, crossplane, gitea, steampipe, flux-image-automation-controller, tfsec, argocd-image-updater, cerbos, gomplate, grafana, grafana-alloy, melange, pulumi-kubernetes-operator, rancher-fleet, trivy, src-fingerprint, argo-cd, grype,...
CVE-2026-33762 vulnerabilities
Vulnerabilities for packages: trufflehog, snyk-cli, kubevela, nfpm, crossplane, gitea, steampipe, flux-image-automation-controller, tfsec, argocd-image-updater, cerbos, gomplate, grafana, grafana-alloy, melange, pulumi-kubernetes-operator, rancher-fleet, trivy, src-fingerprint, argo-cd, grype,...
CVE-2026-34165 vulnerabilities
Vulnerabilities for packages: trufflehog, snyk-cli, kubevela, nfpm, crossplane, gitea, steampipe, flux-image-automation-controller, tfsec, argocd-image-updater, cerbos, gomplate, grafana, grafana-alloy, melange, pulumi-kubernetes-operator, rancher-fleet, trivy, src-fingerprint, argo-cd, grype,...
com.agentsflex:agents-flex-bom (>=2.1.1 <=2.1.3), com.agentsflex:agents-flex-mcp (>=2.0.0 <=2.1.3) +28 more potentially affected by CVE-2026-34237 via io.modelcontextprotocol.sdk:mcp-core (=1.0.0)
io.modelcontextprotocol.sdk:mcp-core MAVEN version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on io.modelcontextprotocol.sdk:mcp-core and may be impacted: - com.agentsflex:agents-flex-bom =2.1.1, =2.0.0, =2.1.1, =2.0.4, =0.1.1, =0.1.1,...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: dbmate, cert-manager, thanos-operator, infinispan-operator, aws-eks-pod-identity-agent, podinfo, rancher-fleet, incert, src-fingerprint, vault-k8s, timoni, amazon-k8s-cni, mc, timescaledb-parallel-copy, hcloud, sftpgo-plugin-eventsearch, dive, terraform-docs,...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: dbmate, cert-manager, thanos-operator, infinispan-operator, aws-eks-pod-identity-agent, podinfo, rancher-fleet, incert, src-fingerprint, vault-k8s, timoni, mc, timescaledb-parallel-copy, hcloud, sftpgo-plugin-eventsearch, dive, terraform-docs, opa-envoy,...
CVE-2025-27379
A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content...