CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1338 matches found

CVE-2026-12112

A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of authenticated client connections, by trusting a non-secret session ID without re-validating...

7.8CVSS5.9AI score

Exploits0References4

RedhatCVE•added yesterday•4 views

CVE-2026-12112

7.8CVSS5.8AI score

Exploits0References3

CVE•added yesterday•10 views

CVE-2026-54321

CVE-2026-54321 (Daytona) : Sandboxes that were switched from public to private could remain reachable without authentication for a short period due to a cached visibility state not invalidated on change. This affected Daytona versions 0.101.0 through 0.184.0 and allowed unauthenticated access to ...

7CVSS6.3AI score0.00207EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•3 views

CVE-2026-50184

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

5.7CVSS5.9AI score0.00118EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 2 days ago•3 views

CVE-2026-54267

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via...

8.6CVSS5.8AI score0.00305EPSS

Exploits0References4Affected Software1

NVD•added 2 days ago•7 views

CVE-2026-9162

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to invalidate cached authentication state for active WebSocket connections during global session revocation, which allows a user with an existing WebSocket connection to remain authenticated and continu...

4.3CVSS0.00202EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•5 views

CVE-2026-9162

4.3CVSS5.9AI score0.00202EPSS

Exploits0References2Affected Software1

EUVD•added 2 days ago•7 views

EUVD-2026-38247

4.3CVSS5.9AI score0.00202EPSS

Exploits0References1

CVE•added 2 days ago•9 views

CVE-2026-9162

Mattermost vulnerability CVE-2026-9162 affects Mattermost versions 11.7.x ≤ 11.7.0, 11.6.x ≤ 11.6.2, 11.5.x ≤ 11.5.5, 10.11.x ≤ 10.11.17. The issue: global session revocation does not invalidate cached authentication state for active WebSocket connections, allowing a user with an existing WebSock...

4.3CVSS5.9AI score0.00202EPSS

Exploits0References1Affected Software1

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in Firefox

One phishing tactic on the internet involves providing a link with HTTP Auth. For example, it might look like “https://[email protected]”. To mitigate this type of attack, Firefox will display a warning dialog box. However, this warning dialog would not be shown if evil.com used a...

8.8CVSS8.2AI score0.01013EPSS

Exploits0References1

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ovl: fixed null pointer dereference in ovlgetaclrcu The following processes are involved: P1 P2 pathopenat linkpathwalk maylookup inodepermissionrcu ovlpermission aclpermissioncheck checkacl getcachedaclrcu ovlget inodeacl...

5.3AI score0.00163EPSS

Exploits0References2

Snyk•added 2026/06/15 5:13 p.m.•3 views

Use of Cache Containing Sensitive Information

Overview @angular/service-worker is an Angular - service worker tooling! Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the request reconstruction. An attacker can access sensitive session data or cached private resources by exploiting the...

6.9CVSS5.8AI score0.00118EPSS

Exploits0References2

Snyk•added 2026/06/15 4:51 p.m.•7 views

Use of Cache Containing Sensitive Information

Overview Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information via the HttpTransferCache utility. An attacker can access sensitive user-specific information by making requests to pages that have been cached by a shared caching layer after another user h...

8.2CVSS5.8AI score0.00303EPSS

Exploits0References2

Tenable Nessus•added 2026/06/14 12:0 a.m.•4 views

Fedora 44 : dnsdist (2026-51cdd1292b)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-51cdd1292b advisory. Bug Fixes: CVE-2026-33254: An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdi...

9.1CVSS6AI score0.01073EPSS

Exploits0References12

SUSE CVE•added 2026/06/09 2:20 a.m.•5 views

SUSE CVE-2026-46309

In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject cohnone PAT index for CPU cached memory in madvise Add validation in xevmmadviseioctl to reject PAT indices with XECOHNONE coherency mode when applied to CPU cached memory. Using cohnone with CPU cached buffer...

5.5CVSS5.4AI score0.00164EPSS

Exploits0References3

NVD•added 2026/06/08 5:16 p.m.•10 views

CVE-2026-46309

0.00164EPSS

Exploits0References3