CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2 days ago•6 views

CVE-2026-10729

An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in emails clients that render HTML emails. This issue affects Canarytokens: fr...

2.1CVSS0.00047EPSS

CVE•added 2 days ago•7 views

CVE-2026-10729

The CVE-2026-10729 entry covers an HTML injection vulnerability in Thinkst Applied Research Canarytokens specifically in the notification email delivery. Affected component: Canarytokens notification emails that render HTML. Root cause described: HTML injection can enable Interface Manipulation a...

2.1CVSS5.8AI score0.00047EPSS

Nuclei•added 2 days ago•190 views

ShellShock - Remote Code Execution

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...

10CVSS7.8AI score0.9422EPSS

Exploits139References5

Fedora•added 5 days ago•10 views

[SECURITY] Fedora 43 Update: netatalk-4.4.3-1.fc43

Netatalk is a freely-available Open Source AFP file server. A NIX/BSD system running Netatalk is capable of serving many Macintosh clients simultaneously as an AppleShare file server AFP. In addition to the AFP file server daemon, the following utility programs are also included: ad - AppleDouble...

9.9CVSS5.8AI score0.00256EPSS

Exploits0

Fedora•added 5 days ago•12 views

[SECURITY] Fedora 44 Update: perl-libwww-perl-6.83-1.fc44

The libwww-perl collection is a set of Perl modules which provides a simple a nd consistent application programming interface to the World-Wide Web. The main focus of the library is to provide classes and functions that allow you to write WWW clients. The library also contain modules that are of...

6.5CVSS5.8AI score0.00033EPSS

Exploits0

RedhatCVE•added last week•9 views

CVE-2026-9137

The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource...

7.5CVSS5.7AI score0.00052EPSS

IBM Security Bulletins•added last week•6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses kafka-clients-3.9.1.jar which is vulnerable to CVE-2026-35554

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses kafka-clients-3.9.1.jar which is vulnerable to CVE-2026-35554.This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-35554 DESCRIPTION: A race condition in the Apache...

8.7CVSS6AI score0.00025EPSS

Exploits0Affected Software1

SUSE CVE•added 2026/05/29 1:23 a.m.•9 views

SUSE CVE-2026-5947

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...

7.5CVSS5.8AI score0.00044EPSS

OSV•added 2026/05/28 5:16 p.m.•3 views

DEBIAN-CVE-2026-45076

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This...

ATTACKERKB•added 2026/05/28 3:50 p.m.•3 views

CVE-2026-45076

Exploits0References2Affected Software1

Debian CVE•added 2026/05/28 3:50 p.m.•3 views

CVE-2026-45076

Vulnrichment•added 2026/05/28 3:50 p.m.•3 views

Exploits0

CVE-2026-45076 Synapse pagination denial of service

Vulnrichment•added 2026/05/28 4:27 a.m.•4 views

CVE-2026-9796 Keycloak: keycloak: privilege escalation via time-of-check to time-of-use (toctou) vulnerability

A flaw was found in Keycloak. An authenticated administrator with the manage-clients role can exploit a Time-of-check to time-of-use TOCTOU vulnerability in the name-based admin role checks. This allows the attacker to escalate their privileges to realm-admin for all users within the realm,...

6.5CVSS5.8AI score0.00027EPSS

Exploits0References2

Cvelist•added 2026/05/28 4:27 a.m.•28 views

CVE-2026-9796 Keycloak: keycloak: privilege escalation via time-of-check to time-of-use (toctou) vulnerability

6.5CVSS0.00027EPSS

Exploits0References2

EUVD•added 2026/05/28 4:27 a.m.•6 views

EUVD-2026-32716

6.5CVSS5.8AI score0.00027EPSS

Exploits0References2

CVE•added 2026/05/28 4:27 a.m.•18 views

CVE-2026-9796

This CVE (CVE-2026-9796) affects Keycloak. An authenticated administrator with the manage-clients role can trigger a TOCTOU flaw in the name-based admin role checks, allowing escalation to realm-admin for all users in the realm. The compromised composite role relationship persists after the attac...

6.5CVSS5.8AI score0.00027EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/05/28 4:27 a.m.•5 views

CVE-2026-9796

6.5CVSS5.7AI score0.00027EPSS

SUSE CVE•added 2026/05/28 3:57 a.m.•6 views

SUSE CVE-2026-45877

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: fix NULL-ptr-deref in ishtpbusremoveallclients During a warm reset flow, the cl-device pointer may be NULL if the reset occurs while clients are still being enumerated. Accessing cl-device-referencecount witho...

5.7AI score0.00023EPSS