940 matches found
CVE-2026-22036
Undici (HTTP/1.1 client for Node.js) contains a vulnerability in its decompression chain handling. Before versions 7.18.0 and 6.23.0, the chain can have an unbounded number of links, and the default maxHeaderSize allows a malicious server to insert thousands of compression steps, causing high CPU...
exploit-chain-generator
Exploit Chain Generator Turn Noise into Signal: Correlate...
Survey: Rapid AI Adoption Causes Major Cyber Risk Visibility Gaps
As software supply chains become longer and more interconnected, enterprises have become well aware of the need to…
CVE-2025-68771
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2_find_victim_chain syzbot reported a kernel BUG in ocfs2_find_victim_chain because the cl_next_free_rec field of the allocation chain list next free slot in the chain list is 0, triggering the...
Astra Linux – Vulnerability in OpenSSL
Issue summary: Writing large, newline-free data into a BIO chain using the line-buffer filter, where the next BIO performs short writes, can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption, typically resulting in a crash, leading to a...
Realworld-for-Application_FUGIO_FirstFrameworkFuzzingDetectPOI
FUGIO Production Guide Introduction FUGIO is the firs...
CVE-2026-22187
Bio-Formats versions up to and including 8.3.0 perform unsafe Java deserialization of attacker-controlled memoization cache files .bfmemo during image processing. The loci.formats.Memoizer class automatically loads and deserializes memo files associated with images without validation, integrity...
PT-2026-1005
CVE-2025-34464 + CVE-2025-34465 reserved for preauth exploit-chains among the last of the year 🥳 Thanks to @catc0n & @VulnCheckAI !...
PT-2026-7113
Name of the Vulnerable Software and Affected Versions Recursor affected versions not specified Description Improperly crafted zones may cause increased resource consumption. Additionally, crafted CNAME chains can lead to cache poisoning within the Recursor. Recommendations At the moment, there is...
PT-2026-1006
CVE-2025-34464 + CVE-2025-34465 reserved for preauth exploit-chains among the last of the year 🥳 Thanks to @catc0n & @VulnCheckAI !...
Malicious code in chai-promised-chains (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0956a62fcaae7fb3ed4d8d30007bc025850ba1f4915e2a816c0602f6d24f2135 The package chai-promised-chains was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-205824
Malicious code in chai-promised-chains npm...
Malicious Package
Overview chai-promised-chains is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-192984 Malicious code in chai-promised-chains (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0956a62fcaae7fb3ed4d8d30007bc025850ba1f4915e2a816c0602f6d24f2135 The package chai-promised-chains was found to contain malicious code. Source: ghsa-malware...
OESA-2025-2866 golang security update
Security Fixes: crypto/x509: Exclude subdomain constraints do not restrict wildcard SANs Exclude subdomain constraints in certificate chains do not restrict the use of wildcard SANs in leaf certificates. For example, excluding the constraint on the subdomain test.example.com does not prevent th...
OESA-2025-2865 golang security update
Security Fixes: crypto/x509: Exclude subdomain constraints do not restrict wildcard SANs Exclude subdomain constraints in certificate chains do not restrict the use of wildcard SANs in leaf certificates. For example, excluding the constraint on the subdomain test.example.com does not prevent th...
OESA-2025-2864 golang security update
Security Fixes: crypto/x509: Exclude subdomain constraints do not restrict wildcard SANs Exclude subdomain constraints in certificate chains do not restrict the use of wildcard SANs in leaf certificates. For example, excluding the constraint on the subdomain test.example.com does not prevent th...
EUVD-2025-204875
Malicious code in chai-async-chains npm...
Malicious Package
Overview chai-async-chains is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in chai-async-chains (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3dfd7db9210fae054def8abcb6989e1158a4774dbec18c08ac6eebcbf95ef753 The package chai-async-chains was found to contain malicious code. Source: ghsa-malware...