CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

42945 matches found

BIT-NODE-MIN-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS5.8AI score0.00201EPSS

Exploits0References3

OSV•added yesterday•4 views

BIT-NODE-2026-48617

1.8CVSS5.9AI score0.00201EPSS

Exploits0References3

NVD•added yesterday•4 views

CVE-2026-10521

An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability...

8.6CVSS0.00306EPSS

Exploits0References1

EUVD•added yesterday•7 views

EUVD-2026-38422

8.6CVSS6AI score0.00306EPSS

Exploits0References1

Nuclei•added yesterday•33 views

Leantime < 2.4 - Authenticated SQL Injection

Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...

6.5CVSS6.6AI score0.01872EPSS

Exploits0References1

Nuclei•added yesterday•151 views

SAP Memory Pipes (MPI) Desynchronization

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation attacks. An unauthenticated attacker can prepend a victim's request with arbitrary data. This...

10CVSS7.7AI score0.97945EPSS

Exploits8References5

RedhatCVE•added yesterday•9 views

CVE-2026-55655

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...

5CVSS5.7AI score0.0009EPSS

Exploits0References3

RedhatCVE•added 2 days ago•5 views

CVE-2026-52911

A flaw was found in the ksmbd component of the Linux kernel. This vulnerability allows an attacker to gain unauthorized access to session information or resources by exploiting an improper scope in the session binding mechanism. This could potentially compromise the integrity or confidentiality o...

5.8AI score0.00176EPSS

Exploits0References4

Nuclei•added 2 days ago•492 views

Javafaces LFI

An Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware...

5CVSS5.9AI score0.32441EPSS

Exploits0References5

AstraLinux•added 5 days ago•6 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in the Ansible Engine when using the moduleargs feature. Tasks executed with the --check-mode option do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The greatest threat posed by this vulnerability is...

5.5CVSS6.8AI score0.00407EPSS

Exploits0References2

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in TIF format

An integer overflow flaw was discovered in libtiff, which resides in the tifgetimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The greatest threat posed by this vulnerability relates to confidentiality, integrity, and system...

7.8CVSS7.5AI score0.01922EPSS

Exploits0References2

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in openjpeg2

A flaw was discovered in OpenJPEG’s encoder. This flaw allows an attacker to provide specially crafted x,y offset inputs to OpenJPEG during encoding. The greatest threat of this vulnerability is to confidentiality, integrity, and system availability...

7.8CVSS7AI score0.01107EPSS

Exploits0References1

AstraLinux•added 5 days ago•5 views

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick in versions prior to 7.0.11. There is a potential for a cipher leak when calculating signatures using TransformSignature. The greatest threat of this vulnerability is related to data confidentiality...

7.5CVSS6.7AI score0.01782EPSS

Exploits0References2

AstraLinux•added 5 days ago•16 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2 in versions prior to 2.06. The Setparamprefix function in the menu rendering code performs a length calculation based on the assumption that expressing a single quoted character would require 3 characters. However, in reality, it requires 4 characters. This allows a...

8.2CVSS6.8AI score0.0061EPSS

Exploits0References2

EUVD•added 6 days ago•10 views

EUVD-2026-37929

setupBpmLogs follows symlink for bpm.log open and chown — container-to-host privilege escalation via /etc/shadow. A compromised process inside a bpm container can cause root to chown an arbitrary host file to vcap and append bpm JSON log lines to it. The chown alone lets the attacker take ownersh...

6.9CVSS5.4AI score0.00125EPSS

Exploits0References1

IBM Security Bulletins•added 6 days ago•51 views

Security Bulletin: Dirty COW Vulnerability (CVE-2016-5195)

Question Security Bulletin: Dirty COW Vulnerability CVE-2016-5195 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...

7.2CVSS7.1AI score0.83524EPSS

Exploits80Affected Software1

OSV•added 6 days ago•3 views

ALPINE-CVE-2026-48617

1.8CVSS5.9AI score0.00201EPSS

Exploits0References1

NVD•added 6 days ago•9 views

CVE-2026-48617

1.8CVSS0.00201EPSS

Exploits0References2