CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13527 matches found

Github Security Blog•added 2026/04/24 8:42 p.m.•5 views

gitverify has improper tag signature verification

gitverify is still a prototype. Impact The bug is related to requireSignedTags which is on by default: an unsigned annotated tag would pass the verification. The commit pointed to by the tag would still have to be signed by a maintainer or a contributor. Patches Since the initial commit, fixed in...

5.3AI score

Exploits0References3Affected Software1

Snyk•added 2026/04/24 2:36 a.m.•3 views

Origin Validation Error

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Origin Validation Error via the Slack thread context. An attacker can inject unauthorized messages into the agent context by replying to allowlisted users in Slack threads, thereby...

5.4CVSS5.4AI score0.00017EPSS

Exploits0References2

SUSE CVE•added 2026/04/23 1:26 a.m.•2 views

SUSE CVE-2026-31445

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid use of half-online-committed context One major usage of damoncall is online DAMON parameters update. It is done by calling damoncommitctx inside the damoncall callback function. damoncommitctx can fail for tw...

5.6AI score0.00015EPSS

Exploits0References3

SUSE CVE•added 2026/04/23 1:26 a.m.•2 views

SUSE CVE-2026-31450

In the Linux kernel, the following vulnerability has been resolved: ext4: publish jinode after initialization ext4inodeattachjinode publishes ei-jinode to concurrent users. It used to set ei-jinode before jbd2journalinitjbdinode, allowing a reader to observe a non-NULL jinode with ivfsinode still...

5.6AI score0.00071EPSS

Exploits0References3

SUSE CVE•added 2026/04/23 1:25 a.m.•3 views

SUSE CVE-2026-31488

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip unrelated mode changes in DSC validation Starting with commit 17ce8a6907f7 "drm/amd/display: Add dsc pre-validation in atomic check", amdgpu resets the CRTC state modechanged flag to false when...

6.4CVSS5.6AI score0.00015EPSS

Exploits0References13

CVE•added 2026/04/23 12:9 a.m.•9 views

CVE-2026-41243

OpenLearn's OpenLearn project has a vulnerability CVE-2026-41243 where, prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, enabling safeMode does not prevent public access to unapproved posts via direct post UUID. The post-read path still returns full content to anyone who has the UUID, ev...

6.9CVSS5.7AI score0.00036EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/04/23 12:9 a.m.•26 views

CVE-2026-41243 OpenLearn's pending forum posts remain publicly readable by direct ID when moderation mode is enabled

OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...

6.9CVSS0.00036EPSS

Exploits1References2

Packet Storm News•added 2026/04/23 12:0 a.m.•2 views

CrossCommitVuln-Bench: A Dataset of Multi-Commit Python Vulnerabilities Invisible to Per-Commit Static Analysis

We present CrossCommitVuln-Bench, a curated benchmark of 15 real-world Python vulnerabilities CVEs in which the exploitable condition was introduced across multiple commits - each individually benign to per-commit static analysis - but collectively critical. We manually annotate each CVE with its...

5.4AI score

Exploits0

Tenable Nessus•added 2026/04/23 12:0 a.m.•1 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: vim (UTSA-2026-014266)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014266 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens ...

8.2CVSS6.2AI score0.00034EPSS

Exploits0References4

Positive Technologies•added 2026/04/23 12:0 a.m.•2 views

PT-2026-34803

Name of the Vulnerable Software and Affected Versions melange versions 0.32.0 through 0.43.3 Description An attacker capable of influencing a configuration file, such as in build-as-a-service or pull-request-driven CI scenarios, can manipulate the pipeline.uses variable to include absolute paths ...

6.1CVSS5.7AI score0.00015EPSS

Exploits0References8

Positive Technologies•added 2026/04/23 12:0 a.m.•3 views

PT-2026-34605

6.9CVSS5.7AI score0.00036EPSS

Exploits1References3

Tenable Nessus•added 2026/04/23 12:0 a.m.•5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: jq (UTSA-2026-014275)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014275 advisory. jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions,...

8.2CVSS6AI score0.00025EPSS

Exploits1References4

Snyk•added 2026/04/22 5:6 p.m.•3 views

Active Debug Code

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Active Debug Code via the git.json.php file. An attacker can obtain sensitive information, including developer email addresses, deployed commit hashes, and commit...

6.9CVSS5.5AI score0.00088EPSS

Exploits1References2