CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16820 matches found

Positive Technologies•added 2026/06/09 12:0 a.m.•10 views

PT-2026-48269

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.19 and earlier ColdFusion versions 2025.8 and earlier Description An incorrect authorization flaw allows a high-privileged attacker to achieve arbitrary code execution in the context of the current user. This issue...

9.1CVSS6AI score0.02236EPSS

Exploits0References3

Positive Technologies•added 2026/06/09 12:0 a.m.•7 views

PT-2026-48311

Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through...

7.5CVSS5.4AI score0.00324EPSS

Exploits0References2

Zero Day Initiative•added 2026/06/09 12:0 a.m.•7 views

Progress Software Kemp LoadMaster dolistapikeys Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the dolistapikeys method. The issue results from the lack of proper...

7.2CVSS8.2AI score0.00834EPSS

Exploits0References1

Zero Day Initiative•added 2026/06/09 12:0 a.m.•7 views

Progress Software Kemp LoadMaster dodelapikey Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the dodelapikey method. The issue results from the lack of proper...

8.8CVSS7.8AI score0.00834EPSS

Exploits0References1

Packet Storm News•added 2026/06/09 12:0 a.m.•8 views

Context-Based Adversarial Attacks on AI Code Generators: Vulnerability Analysis and Implications

AI-powered code generation systems have transformed software development but introduce critical inference-time security vulnerabilities. This research presents a systematic investigation of context-based adversarial attacks, where strategically crafted contextual inputs, including comments,...

5.6AI score

Exploits0

Positive Technologies•added 2026/06/09 12:0 a.m.•8 views

PT-2026-47843

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.3 Description The implementations of AES-SIV and AES-GCM-SIV mishandle the authentication of Additional Authenticated Data AAD when the ciphertext is empty, which allows for the forgery of such messages. In the...

4.8CVSS5.6AI score0.0021EPSS

Exploits0References93

RedhatCVE•added 2026/06/08 7:38 p.m.•5 views

CVE-2026-46290

A flaw was found in the Linux kernel's x86/efi component. Due to changes in FPU softirq handling, the system incorrectly identifies normal task context as an interrupt context. This issue, when combined with buggy firmware that triggers page faults during EFI Extensible Firmware Interface runtime...

5.5AI score0.00166EPSS

Exploits0References4

OSV•added 2026/06/08 4:44 p.m.•3 views

MINI-88WQ-XW4W-QXCV

Bulletin has no description...

6.5CVSS5.2AI score0.0034EPSS

Exploits0

ATTACKERKB•added 2026/06/08 3:46 p.m.•5 views

CVE-2026-46290

In the Linux kernel, the following vulnerability has been resolved: x86/efi: Fix graceful fault handling after FPU softirq changes Since commit d02198550423 "x86/fpu: Improve crypto performance by making kernel-mode FPU reliably usable in softirqs", kernelfpubegin calls fpregslock which uses...

5.4AI score0.00166EPSS

Exploits0References4Affected Software1

IBM Security Bulletins•added 2026/06/08 1:55 p.m.•3 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Insecure Default Initialization of Resource CVE-2025-66414

Summary MCP TypeScript SDK is used by the IBM Datapower Operations Dashboard to implement the Model Context Protocol MCP using Node.js Vulnerability Details CVEID:CVE-2025-66414 DESCRIPTION: MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. Prior to...

8.7CVSS5.5AI score0.00445EPSS

Exploits1Affected Software1

OSV•added 2026/06/08 11:39 a.m.•5 views

MINI-C363-HPHW-Q6HX

Bulletin has no description...

7.5CVSS6AI score0.00357EPSS

Exploits0

Hacker One•added 2026/06/08 3:11 a.m.•44 views

curl: SSH/SFTP connection reuse can bypass SSH key identity after ssh_config_matches removal

Summary: libcurl's SSH/SFTP connection reuse logic no longer binds a pooled SSH connection to the SSH key identity requested by the new transfer. After sshconfigmatches was removed, urlmatchprotoconfig again has no SSH-specific check for CURLOPTSSHPUBLICKEYFILE or CURLOPTSSHPRIVATEKEYFILE. An...

7.7CVSS7.5AI score0.02596EPSS

Exploits2

Positive Technologies•added 2026/06/08 12:0 a.m.•6 views

PT-2026-47362

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the x86 EFI implementation where the graceful page fault handler efi crash gracefully on page fault incorrectly identifies the system state. Due to changes in FPU...

9.1CVSS5.3AI score0.00457EPSS

Exploits1References63

OSV•added 2026/06/07 7:24 p.m.•2 views

MINI-8CHQ-VWWJ-W6J4

Bulletin has no description...

10CVSS5.2AI score0.00319EPSS

Exploits0

OSV•added 2026/06/07 7:24 p.m.•4 views

MINI-WP56-92GV-H5X8

Bulletin has no description...

7.5CVSS5.2AI score0.00276EPSS

Exploits0