
1425 matches found

NVD
added yesterday, 6 views

CVE-2026-54067

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing breaks out of its surrounding tag when renderSnippet interpolates it via insertAdjacentHTML. A payload like runs arbitrary JavaScript in the renderer. On Electron desktop builds the renderer...

CVSS 9.9, EPSS 0.00068
Exploits: 0, References: 1

NVD
added 3 days ago, 7 views

CVE-2026-56280

Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API key holders to cancel running native builds. The endpoint registers an abort listener on the SSE stream that unconditionally invokes cancelBuildOnDisconnect using the privileged...

CVSS 7.1, EPSS 0.00262
Exploits: 0, References: 2

CVE
added 3 days ago, 14 views

CVE-2026-54232

vLLM prior to 0.22.1 is affected by a dependency confusion flaw in its Dockerfile. The vulnerability arises from installing flashinfer-jit-cache from a private index (flashinfer.ai/whl/) via --extra-index-url while the package name was not registered on PyPI and UV_INDEX_STRATEGY is set to unsafe...

CVSS 8.8, AI score 6.2, EPSS 0.00288
Exploits: 1, References: 1, Affected Software: 1

EUVD
added 3 days ago, 5 views

EUVD-2026-38368

Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API key holders to cancel running native builds. The endpoint registers an abort listener on the SSE stream that unconditionally invokes cancelBuildOnDisconnect using the privileged...

CVSS 7.1, AI score 5.9, EPSS 0.00262
Exploits: 0, References: 2

Cvelist
added 3 days ago, 22 views

CVE-2026-56280 Cap-go - Privilege Inversion in Build Log Stream via SSE Disconnect

Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API key holders to cancel running native builds. The endpoint registers an abort listener on the SSE stream that unconditionally invokes cancelBuildOnDisconnect using the privileged...

CVSS 7.1, EPSS 0.00262
Exploits: 0, References: 2

Positive Technologies
added 3 days ago, 9 views

PT-2026-51406

Name of the Vulnerable Software and Affected Versions: Cap-go versions prior to 12.128.2. Description: A privilege inversion issue exists in the 'GET /build/logs/:jobId' endpoint. This endpoint utilizes Server-Sent Events (SSE) to stream output and registers an abort listener that invokes the...

CVSS 7.1, AI score 5.9, EPSS 0.00262
Exploits: 0, References: 4

NVD
added 4 days ago, 8 views

CVE-2026-56367

ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB PSD v2 RLE decoding path ReadPSDChannelRLE in coders/psd.c that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB file can lead to information disclosure or a crash...

CVSS 6.3, EPSS 0.00189
Exploits: 0, References: 2

Debian CVE
added 4 days ago, 5 views

CVE-2026-56367

ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB PSD v2 RLE decoding path ReadPSDChannelRLE in coders/psd.c that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB file can lead to information disclosure or a crash...

CVSS 6.3, AI score 5.9, EPSS 0.00189
Exploits: 0

Cvelist
added 4 days ago, 30 views

CVE-2026-56367 ImageMagick - Heap Out-of-Bounds Read in PSB RLE Decoding

ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB PSD v2 RLE decoding path ReadPSDChannelRLE in coders/psd.c that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB file can lead to information disclosure or a crash...

CVSS 6.3, EPSS 0.00189
Exploits: 0, References: 2

AstraLinux
added 6 days ago, 6 views

Astra Linux – Vulnerability in nss

During RSA key generation, bignum implementations used a variant of the Binary Extended Euclidean Algorithm, which involved significant input-dependent processes. This allowed attackers to perform electromagnetic-based side-channel attacks to capture traces that could lead to the recovery of secr...

CVSS 4.4, AI score 6.4, EPSS 0.00337
Exploits: 0, References: 2

OSV
added 2026/06/18 9:53 a.m., 6 views

BIT-PYTHON-MIN-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

CVSS 5.3, AI score 5.4, EPSS 0.00136
Exploits: 0, References: 9

OSV
added 2026/06/18 9:53 a.m., 5 views

BIT-PYTHON-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

CVSS 5.3, AI score 5.5, EPSS 0.00136
Exploits: 0, References: 9

OSV
added 2026/06/18 9:49 a.m., 6 views

BIT-LIBPYTHON-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

CVSS 5.3, AI score 5.4, EPSS 0.00136
Exploits: 0, References: 9

Tenable Nessus
added 2026/06/17 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-12003

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate...

CVSS 5.3, AI score 5.8, EPSS 0.00136
Exploits: 0, References: 3

Chainguard
added 2026/06/16 8:22 p.m., 6 views

GHSA-JQ35-7PRP-9V3F vulnerabilities

Vulnerabilities for packages: openstack-keystone-2025.1, datadog-agent, superset, openstack-horizon-2025.1-fips, superset-fips, openstack-glance-2025.1-fips, airflow-core, openstack-keystone-2026.1, metaflow-service-fips, openstack-glance-2026.1, openstack-keystone-2026.1-fips,...

AI score 5.8
Exploits: 0

NVD
added 2026/06/16 5:16 p.m., 11 views

CVE-2026-12003

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

CVSS 5.3, EPSS 0.00136
Exploits: 0, References: 8

OSV
added 2026/06/16 5:16 p.m., 3 views

UBUNTU-CVE-2026-12003

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

CVSS 5.3, AI score 5.8, EPSS 0.00136
Exploits: 0, References: 2

OSV
added 2026/06/16 3:18 p.m., 5 views

PSF-2026-28

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

CVSS 5.3, AI score 5.4, EPSS 0.00136
Exploits: 0, References: 7

Cvelist
added 2026/06/16 3:18 p.m., 27 views

CVE-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

CVSS 5.3, EPSS 0.00136
Exploits: 0, References: 7

Positive Technologies
added 2026/06/16 12:0 a.m., 13 views

PT-2026-50139

Name of the Vulnerable Software and Affected Versions: Langflow versions prior to 1.9.0. Description: The /api/v1/monitor router exposes seven endpoints that allow read, write, and delete operations on user-owned resources, including messages, sessions, build artifacts, and LLM transaction logs. The...

CVSS 8.8, AI score 5.9, EPSS 0.00245
Exploits: 0, References: 3