CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 3 days ago•5 views

CVE-2019-25723

Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can overload the internal...

6.3CVSS5.8AI score0.00043EPSS

Exploits0References3Affected Software1

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: USB: Hub – Ignoring non-compliant devices with too many configurations or interfaces Robert Morris created a test program that can cause usbhubtostructhub to dereference a NULL or inappropriate pointer. Oops: General Protection...

5.5CVSS6.4AI score0.00015EPSS

RedhatCVE•added 2026/05/15 2:2 p.m.•6 views

CVE-2026-43964

A flaw was found in Postfix. This issue occurs when processing enhanced status codes, specifically an enhanced status code that lacks text following the third number. Depending on the configuration of the server, this allows a remote attacker to cause a buffer over-read of only 1 byte, leading to...

7.5CVSS6AI score0.00068EPSS

Exploits0References4

Fedora•added 2026/04/30 12:54 a.m.•5 views

[SECURITY] Fedora 44 Update: dokuwiki-20250514b-5.fc44

DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at creati ng documentation of any kind. It has a simple but powerful syntax which makes su re the data-files remain readable outside the Wiki and eases the creation of structured texts. All data is stored in plain text files no...

7.5CVSS5.3AI score0.00051EPSS

Exploits1

Packet Storm News•added 2026/04/18 12:0 a.m.•5 views

Enclawed: A Configurable, Sector-Neutral Hardening Framework for Single-User AI Assistant Gateways

We present enclawed, a hard-fork hardening framework built on top of the OpenClaw single-user personal artificial intelligence AI assistant gateway. enclawed targets deployments that need attestable peer trust, deny-by-default external connectivity, signed-module loading, and a tamper-evident aud...

6AI score

OSV•added 2026/03/06 8:36 a.m.•3 views

BIT-ACTIVEMQ-2025-66168 Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated

WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...

8.8CVSS5.8AI score0.00076EPSS

Exploits0References5

Tenable Nessus•added 2026/03/05 12:0 a.m.•2 views

Apache ActiveMQ < 5.19.2 / 6.0.x < 6.1.9 / 6.2.0 MQTT Control Packet Validation Vulnerability (CVE-2025-66168)

The version of Apache ActiveMQ running on the remote host is prior to 5.19.2, 6.0.x prior to 6.1.9, or 6.2.0. It is, therefore, affected by a vulnerability: - Apache ActiveMQ does not properly validate the remaining length field in MQTT control packets which may lead to an integer overflow during...

8.8CVSS6.2AI score0.00076EPSS

OSV•added 2026/03/04 9:31 a.m.•2 views

GHSA-C825-6PH3-4H84 Apache ActiveMQ is Vulnerable to Integer Overflow or Wraparound

Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT...

5.4CVSS5.9AI score0.00076EPSS

Exploits0References6

Debian CVE•added 2026/03/04 8:45 a.m.•2 views

CVE-2025-66168

8.8CVSS5.7AI score0.00076EPSS

Packet Storm News•added 2026/01/02 12:0 a.m.•2 views

GNU Privacy Guard 2.4.9

GnuPG the GNU Privacy Guard or GPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...

6.9AI score

Snyk•added 2025/11/24 11:34 p.m.•1 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper enforcement of the SIGHASH value in the signature verification process. An attacker can submit non-compliant signatures that are incorrectly accepted as valid by providing...

Snyk•added 2025/11/24 11:34 p.m.•1 views

Improper Verification of Cryptographic Signature

Snyk•added 2025/11/24 11:34 p.m.•1 views

Improper Verification of Cryptographic Signature

OSV•added 2025/11/24 11:34 p.m.•1 views

GHSA-XQ4H-WQM2-668W Babylon's BIP322 signature implementation is not fully compliant to the spec

Summary The BIP-322 signature verification does not enforce the SIGHASH value to be SIGHASHALL, and therefore is not strictly following the spec. Impact Non-compliant BIP-322 signatures in proof of possessions can be accepted by the chain...

Packet Storm News•added 2025/11/06 12:0 a.m.•4 views

Exploits0References4

Zero Trust Security Model Implementation in Microservices Architectures Using Identity Federation

The microservice bombshells that have been linked with the microservice expansion have altered the application architectures, offered agility and scalability in terms of complexity in security trade-offs. Feeble legacy-based perimeter-based policies are unable to offer safeguard to distributed...

6.9AI score