CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: iommu: Fixed potential use-after-free during probe Kasan has reported the following use-after-free on dev-iommu. When a device probe fails and the dev-iommu is being freed, the deferredprobeworkfunc function runs in parallel a...

7.8CVSS6.3AI score0.00019EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: backlight: pm8941: Add a NULL check in wledconfigure. The devmkasprintf function returns NULL when memory allocation fails. Currently, wledconfigure does not check for this case, resulting in a NULL pointer being dereferenced. Ad...

5.5CVSS6.2AI score0.0014EPSS

Vulnrichment•added 2026/05/18 8:9 a.m.•5 views

CVE-2026-3117 Instance and webhook GitLab plugin commands were able to be run by non-admin users

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the gitlab instance option or the /gitlab webhook option commands...

6.5CVSS5.8AI score0.00035EPSS

ATTACKERKB•added 2026/05/08 12:0 a.m.•5 views

CVE-2026-38361

An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dashuploader/httprequesthandler.py, dashuploader/upload.py in the Upload function and maxfilesize parameter, dashuploader/configureupload.py components...

6.2AI score0.00588EPSS

Exploits5References10

Snyk•added 2026/05/04 7:29 p.m.•6 views

Missing Authentication for Critical Function

Overview arelle-release is an An open source XBRL platform. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the plugins parameter in the /rest/configure endpoint, which is processed without authentication or authorization. An attacker can execu...

9.8CVSS6.2AI score0.00487EPSS

Cvelist•added 2026/05/04 5:19 p.m.•24 views

CVE-2026-42796 Arelle < 2.39.10 Unauthenticated RCE via /rest/configure

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file...

9.8CVSS0.00487EPSS

EUVD•added 2026/05/04 5:19 p.m.•1 views

EUVD-2026-27079

9.8CVSS6.5AI score0.00487EPSS

Vulnrichment•added 2026/05/04 5:19 p.m.•1 views

CVE-2026-42796 Arelle < 2.39.10 Unauthenticated RCE via /rest/configure

9.8CVSS6.5AI score0.00487EPSS

CNNVD•added 2026/05/04 12:0 a.m.•3 views

Arelle 访问控制错误漏洞

Arelle is an open-source XBRL platform developed by Arelle Open Source. It supports data validation and integration. Versions of Arelle prior to 2.39.10 contained a security vulnerability related to access control. This vulnerability stemmed from the /rest/configure REST endpoint accepting plugin...

9.8CVSS6.2AI score0.00487EPSS

Positive Technologies•added 2026/05/04 12:0 a.m.•3 views

PT-2026-36887

Name of the Vulnerable Software and Affected Versions Arelle versions prior to 2.39.10 Description An unauthenticated remote code execution issue exists in the '/rest/configure' REST endpoint. The endpoint accepts a plugins query parameter and forwards it to the plugin manager without requiring...

9.8CVSS6.5AI score0.00487EPSS

Exploits0References14

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: ngene: Fix out-of-bounds bug in ngenecommandconfigfreebuf Fix an 11-year old bug in ngenecommandconfigfreebuf while addressing the following warnings caught with -Warray-bounds: arch/alpha/include/asm/string.h:22:16:...

7.1CVSS6.7AI score0.00008EPSS

Github Security Blog•added 2026/04/29 3:30 p.m.•9 views

Jenkins HTML Publisher Plugin has a XSS vulnerability in the legacy wrapper file

Jenkins HTML Publisher Plugin versoins 427 and earlier do not escape the job name and URL in the legacy wrapper file. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. HTML Publisher Plugin 427.1 escapes job name and URL when...

8CVSS5.9AI score0.00051EPSS

Exploits0References3Affected Software1

OSV•added 2026/04/29 3:30 p.m.•2 views

GHSA-F8H4-46XV-H7JJ Jenkins HTML Publisher Plugin has a XSS vulnerability in the legacy wrapper file

8CVSS5.9AI score0.00051EPSS

Github Security Blog•added 2026/04/29 3:30 p.m.•5 views

Jenkins Matrix Authorization Strategy Plugin: Unsafe deserialization allows invocation of parameterless constructors

Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 both inclusive invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated. This can be abused by attackers with...

6.5CVSS5.9AI score0.00085EPSS

Exploits0References3Affected Software1

NVD•added 2026/04/29 2:16 p.m.•1 views

CVE-2026-42524

Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

8CVSS0.00051EPSS

EUVD•added 2026/04/29 1:31 p.m.•1 views

EUVD-2026-26226

8CVSS4.8AI score0.00051EPSS