CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22323 matches found

Github Security Blog•added 2026/04/08 7:53 p.m.•7 views

mercure has Topic Selector Cache Key Collision

Impact A cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to unauthorized subscribers or blocking delivery to authorized ones. The cache key was constructed by concatenating the topic...

7.1CVSS5.8AI score0.00036EPSS

Exploits0References5Affected Software1

OSV•added 2026/04/08 7:53 p.m.•1 views

GHSA-HWR4-MQ23-WCV5 mercure has Topic Selector Cache Key Collision

7.1CVSS5.8AI score0.00036EPSS

Exploits0References5

EUVD•added 2026/04/08 7:15 p.m.•2 views

EUVD-2026-20487

CI4MS Vulnerable to Post-Installation Re-entry via Cache-Dependent Install Guard Bypass...

8.1CVSS5.9AI score0.00053EPSS

Exploits1References3

Github Security Blog•added 2026/04/08 7:15 p.m.•4 views

CI4MS Vulnerable to Post-Installation Re-entry via Cache-Dependent Install Guard Bypass

Summary The install route guard in ci4ms relies solely on a volatile cache check cache'settings' combined with .env file existence to block post-installation access to the setup wizard. When the database is temporarily unreachable during a cache miss TTL expiry or admin-triggered cache clear, the...

8.1CVSS6AI score0.00053EPSS

Exploits1References4Affected Software1

Snyk•added 2026/04/08 7:15 p.m.•1 views

Missing Authentication for Critical Function

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the install route guard process when the database is temporarily unreachable and the cache is empty. An attacker can gain...

9.2CVSS5.9AI score0.00053EPSS

Exploits1References2

OSV•added 2026/04/08 7:15 p.m.•1 views

GHSA-8RH5-4MVX-XJ7J CI4MS Vulnerable to Post-Installation Re-entry via Cache-Dependent Install Guard Bypass

8.1CVSS6AI score0.00053EPSS

Exploits1References4

EUVD•added 2026/04/08 6:34 p.m.•1 views

EUVD-2026-20517

A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An...

5.2CVSS5.9AI score0.0001EPSS

Exploits0References3

NVD•added 2026/04/08 6:26 p.m.•2 views

CVE-2026-32591

5.5CVSS0.0001EPSS

Exploits0References3

RedHat Linux•added 2026/04/08 6:17 p.m.•8 views

undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers

A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing e.g., "Content-Length" and "content-length". This can lead to HTTP Request Smuggling, a...

9.8CVSS5.9AI score0.00019EPSS

Exploits0References9

CVE•added 2026/04/08 5:6 p.m.•7 views

CVE-2026-32591

The CVE-2026-32591 issue affects Red Hat Quay’s Proxy Cache feature. When an organization administrator configures an upstream registry for proxy caching, Quay opens a network connection to the specified registry hostname without validating that it points to a legitimate external service. An atta...

5.5CVSS5.9AI score0.0001EPSS

Exploits0References3Affected Software2

Cvelist•added 2026/04/08 5:6 p.m.•26 views

CVE-2026-32591 Mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration

5.2CVSS0.0001EPSS

Exploits0References3

RedhatCVE•added 2026/04/08 5:6 p.m.•4 views

CVE-2026-32591

5.5CVSS5.9AI score0.0001EPSS

Exploits0References3

ATTACKERKB•added 2026/04/08 5:6 p.m.•3 views

CVE-2026-32591

5.5CVSS5.8AI score0.0001EPSS

Exploits0References5

EUVD•added 2026/04/08 3:31 p.m.•3 views

EUVD-2025-209294

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and...

9.3CVSS5.9AI score0.00011EPSS

Exploits0References4

NVD•added 2026/04/08 3:16 p.m.•0 views

CVE-2026-39393

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the install route guard in ci4ms relies solely on a volatile cache check cache'settings' combined with .env file existence to block...

8.1CVSS0.00053EPSS

Exploits1References1

NVD•added 2026/04/08 3:16 p.m.•4 views

CVE-2026-39394

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Install::index controller reads the host POST parameter without any validation and passes it directly into updateEnvSettings, which...

9.8CVSS0.00032EPSS

Exploits1References1

Github Security Blog•added 2026/04/08 3:4 p.m.•6 views

kcp's cache server is accessible without authentication or authorization checks

Summary The cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard to read and write to the cache server. Details The cache server is routed in the pre-mux chain in the shard code. The...

9.1CVSS5.9AI score0.00114EPSS

Exploits1References5Affected Software1

OSV•added 2026/04/08 3:4 p.m.•3 views

GHSA-3J3Q-WP9X-585P kcp's cache server is accessible without authentication or authorization checks

8.2CVSS5.8AI score0.00114EPSS

Exploits1References5

EUVD•added 2026/04/08 3:4 p.m.•3 views

EUVD-2026-20607

kcp's cache server is accessible without authentication or authorization checks...

8.2CVSS5.9AI score0.00114EPSS

Exploits1References3