CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

206 matches found

CVE•added 2026/06/15 6:45 p.m.•13 views

CVE-2026-49953

Discuz! X5.0 (builds 20260320–20260610) contains a CAPTCHA bypass vulnerability where limited complexity and predictable character sets in generated CAPTCHA images enable unauthenticated remote attackers to reliably predict challenge text via OCR, bypassing protections on login, registration and ...

6.9CVSS5.3AI score0.00359EPSS

Exploits0References4

AlpineLinux•added 2026/06/12 5:34 p.m.•9 views

CVE-2026-44172

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...

9.8CVSS5.5AI score0.00502EPSS

Exploits0

Tenable Nessus•added 2026/05/11 12:0 a.m.•5 views

Unity Linux 20.1060e / 20.1070e Security Update: aspell (UTSA-2026-017600)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017600 advisory. libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the...

9.1CVSS6AI score0.01739EPSS

Exploits0References4

SUSE CVE•added 2026/03/31 11:29 p.m.•5 views

SUSE CVE-2026-4046

The iconv function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and...

7.5CVSS5.8AI score0.00357EPSS

Exploits1References22

OSV•added 2026/03/11 12:0 p.m.•7 views

RUSTSEC-2026-0174 `Authorization::value` and `WwwAuthenticate::value` can violate ASCII invariants

Authorization::value uses HeaderValue::value with the claim that the internal string is ASCII, but Authorization::new and Authorization::setcredentials accept arbitrary String credentials without validation. As a result, safe code can construct a header value containing non-ASCII UTF-8 while the...

5.7AI score

Exploits0References3

NVD•added 2026/02/06 9:16 p.m.•8 views

CVE-2026-25581

SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an attacker has the ability control configuration options passed to sceditor.create, like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration option...

5.4CVSS0.00216EPSS

Exploits1References2

Positive Technologies•added 2026/02/06 12:0 a.m.•6 views

PT-2026-6845

If an attacker has the ability control configuration options passed to sceditor.create, like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration options. Proof of concept: js sceditor.createtextarea, emoticons: dropdown: ':':...

5.4CVSS5.4AI score0.00216EPSS

Exploits1References5

Tenable Nessus•added 2026/01/15 12:0 a.m.•3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003478)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003478 advisory. Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set...

4.7CVSS6.8AI score0.00269EPSS

Exploits0References14

RedhatCVE•added 2026/01/09 9:51 a.m.•9 views

CVE-2020-10113

cPanel before 84.0.20 allows self XSS via a temporary character-set specification SEC-515...

6.1CVSS5.8AI score0.00641EPSS

Exploits0References1

Tenable Nessus•added 2025/11/20 12:0 a.m.•5 views

TencentOS Server 4: xterm (TSSA-2025:0133)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0133 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

9.8CVSS7AI score0.00734EPSS

Exploits0References2

Tenable Nessus•added 2025/10/30 12:0 a.m.•5 views

FreeBSD : ISC KEA -- Invalid characters cause assert (55c4e822-b4e4-11f0-8438-001b217e4ee5)

"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 55c4e822-b4e4-11f0-8438-001b217e4ee5 advisory. Internet Systems Consortium, Inc. reports: To trigger the issue, three configuration parameters must...

7.5CVSS5.5AI score0.00339EPSS

Exploits0References3

CVE•added 2025/10/29 6:2 p.m.•25 views

CVE-2025-11232

Kea DHCP (ISC) vulnerability CVE-2025-11232 affects Kea 3.0.1 and 3.1.1–3.1.2. The root cause is an assertion triggered by three specific default config values: hostname-char-set uses the default [^A-Za-z0-9.-], hostname-char-replacement is empty, and ddns-qualifying-suffix is non-empty. When a c...

7.5CVSS6.6AI score0.00339EPSS

Exploits0References2

Positive Technologies•added 2025/10/29 12:0 a.m.•5 views

PT-2025-44333

Name of the Vulnerable Software and Affected Versions Kea versions 3.0.1 through 3.0.1 Kea versions 3.1.1 through 3.1.2 Description The software can exit unexpectedly when receiving certain option content from a client if three configuration parameters are set to specific values. Specifically, th...

7.8CVSS6.5AI score0.0105EPSS

Exploits0References27

FreeBSD•added 2025/10/29 12:0 a.m.•6 views

ISC KEA -- Invalid characters cause assert

Internet Systems Consortium, Inc. reports: To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "^A-Za-z0-9.-"; "hostname-char-replacement" must be empty the default; and "ddns-qualifying-suffix" must N...

7.5CVSS7AI score0.00339EPSS

Exploits0References1