CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.getsignedcookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...

4.8CVSS5.8AI score0.00249EPSS

Exploits0References4

SUSE CVE•added 2026/06/04 2:21 a.m.•5 views

SUSE CVE-2026-46256

In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfswritepages LOCALIO is an NFS loopback mount optimization that avoids using the network for READ, WRITE and COMMIT if the NFS client and server are determined to be on...

5.8AI score0.00099EPSS

Exploits0References3

RedhatCVE•added 2026/06/03 10:1 p.m.•7 views

CVE-2026-10221

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function compresscontext of the file runagent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be use...

7.5CVSS6.8AI score0.00304EPSS

Exploits0References1

Github Security Blog•added 2026/06/03 9:39 p.m.•6 views

browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler

Summary The HTTP handler /log in lib/server.js lines 491–515 of browserstack-runner passes unauthenticated user-supplied data to vm.runInNewContext combined with eval, enabling a sandbox escape and arbitrary code execution on the host system. Details When browserstack-runner starts, it creates an...

8.8CVSS6.5AI score0.00395EPSS

Exploits0References4Affected Software1

Github Security Blog•added 2026/06/03 9:37 p.m.•6 views

Jupyter Enterprise Gateway: Kubernetes Manifest Injection in Jinja2 Template Rendering

Summary The environment variables used during the rendering of the Kubernetes manifest allow YAML injection, enabling attackers to overwrite existing keys like securityContext and inject multi-document YAML to create additional unintended Kubernetes resources. Details The server interpolates...

6.2AI score0.00062EPSS

Exploits0References2Affected Software1

Snyk•added 2026/06/03 4:24 p.m.•3 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the getsignedcookie function. An attacker can access data intended for a different context by crafting distinct name, salt pairs that result in the same concatenated value. Remediation...

4.8CVSS5.5AI score0.00249EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by