CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22171 matches found

Positive Technologies•added 2026/05/27 12:0 a.m.•5 views

PT-2026-44142

Description SymfonyComponentCacheAdapterPdoAdapter is the PDO-backed cache adapter. Its clear$prefix method inherited from AbstractAdapterTrait is documented to delete cache items whose key starts with $prefix. In the non-versioning code path, the caller-supplied $prefix is concatenated into...

7.1CVSS6AI score

Exploits0References7

VulnCheck KEV•added 2026/05/27 12:0 a.m.•15 views

VulnCheck KEV: CVE-2026-45321

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/ packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself...

9.6CVSS7.5AI score0.17051EPSS

In wildExploits3References4

UbuntuCve•added 2026/05/27 12:0 a.m.•5 views

CVE-2026-45862

iommu/vt-d: Flush cache for PASID table before using it...

7.8CVSS5.8AI score0.00013EPSS

Exploits0References2

CNNVD•added 2026/05/27 12:0 a.m.•7 views

Budibase 安全漏洞

Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.2 contained security vulnerabilities. These vulnerabilities stemmed from the failure to...

4.2CVSS5.8AI score0.00037EPSS

Exploits0References3

UbuntuCve•added 2026/05/27 12:0 a.m.•8 views

CVE-2026-45892

ext4: drop extent cache after doing PARTIALVALID1 zeroout...

5.8AI score0.00032EPSS

Exploits0References2

Positive Technologies•added 2026/05/27 12:0 a.m.•7 views

PT-2026-43546

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/litespeed/v1/notify ccss and /wp-json/litespeed/v1/notify ucss REST API endpoints in all versions up to, and including, 7.7. These endpoints accept CSS content from QUIC.cloud callback...

7.2CVSS5.8AI score0.00086EPSS

Exploits0References9

Positive Technologies•added 2026/05/27 12:0 a.m.•7 views

PT-2026-43766

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ext4 file system where a failure during the split extent process may cause the system to return an error immediately while some extents are still being processed...

5.4AI score0.00032EPSS

Exploits0References16

Positive Technologies•added 2026/05/27 12:0 a.m.•8 views

PT-2026-43874

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description In the hwmon powerz component, a DMA buffer may share a cacheline with a mutex depending on the architecture. This cacheline...

9.8CVSS5.8AI score0.00254EPSS

Exploits12References280

Exploit DB•added 2026/05/27 12:0 a.m.•42 views

Linux Kernel - Local Privilege Escalation

Titles: Linux Kernel Local Privilege Escalation CVE-2026-43284 / CVE-2026-43500 Author: nu11secur1ty Date: 2026-05-11 Vendor: Linux Kernel Software: Linux Kernel All major distributions Vulnerability Type: Page-Cache Write / Memory Corruption Status: HIGH / CRITICAL --- Description The "Kukurigu"...

8.8CVSS6AI score0.40266EPSS

Exploits31

RedhatCVE•added 2026/05/26 8:14 p.m.•13 views

CVE-2026-47066

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackneyaltsvc.erl does not guarantee forward progress. When parsetoken/2 receives a non-token, non-whitespace, non-comma byte e.g. !, @, =, ...

8.7CVSS6AI score0.00049EPSS

Exploits1References1

NVD•added 2026/05/26 5:16 p.m.•9 views

CVE-2026-48901

The InputFilter::getInstance method omitted a security sensitive parameter from the instance cache key...

7.5CVSS0.00002EPSS

Exploits0References1

ATTACKERKB•added 2026/05/26 4:58 p.m.•7 views

CVE-2026-8854

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module modmemcache...

7.5CVSS5.8AI score0.00018EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/26 4:58 p.m.•32 views

CVE-2026-8854 IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module modmemcache...

7.5CVSS0.00018EPSS

Exploits0References1

EUVD•added 2026/05/26 4:58 p.m.•8 views

EUVD-2026-31904

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module modmemcache...

7.5CVSS5.8AI score0.00018EPSS

Exploits0References1

ATTACKERKB•added 2026/05/26 4:42 p.m.•4 views

CVE-2026-48901

The InputFilter::getInstance method omitted a security sensitive parameter from the instance cache key...

5.8AI score0.00002EPSS

Exploits0References2Affected Software1

EUVD•added 2026/05/26 4:42 p.m.•6 views

EUVD-2026-31871

The InputFilter::getInstance method omitted a security sensitive parameter from the instance cache key...

5.8AI score0.00002EPSS

Exploits0References1

CVE•added 2026/05/26 4:42 p.m.•11 views

CVE-2026-48901

The CVE-2026-48901 entry concerns Joomla! Core: the InputFilter::getInstance() method omits a security‑sensitive parameter from the instance cache key, enabling an issue in cache key construction. Affected component is the InputFilter object (core). The published metrics indicate a high impact on...

7.5CVSS5.8AI score0.00002EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/05/26 4:42 p.m.•37 views

CVE-2026-48901 Joomla! Core - [20260517] - Incorrect Cache Key Construction for InputFilter objects

The InputFilter::getInstance method omitted a security sensitive parameter from the instance cache key...

0.00002EPSS

Exploits0References1