CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 23 hours ago•8 views

CVE-2026-54639

CVE-2026-54639 affects Style Dictionary prior to 5.4.4, with a prototype pollution vulnerability in the convertTokenData utility (versions 4.3.0–4.x before 5.4.4). The impact is high when Style Dictionary is used as a Node.js server integration, moderate for web app integrations, and low for toke...

8.8CVSS5.8AI score

Amazon•added 2 days ago•4 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache when splitting extent fails CVE-2026-45899 In the Linux kernel, the following vulnerability has been resolved: ext4: fix dirtyclusters double decrement on fs shutdown CVE-2026-45920 In the...

7.8CVSS5.7AI score0.00211EPSS

Exploits0

AstraLinux•added 5 days ago•2 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Check for a null return value from ACPIALLOCATEZEROED in acpidbconverttopackage. ACPICA commit number: 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0 The ACPIALLOCATEZEROED function may fail; the elements involved may be NULL,...

5.5CVSS6.1AI score0.00249EPSS

Exploits0References2

NVD•added 2026/06/09 11:17 p.m.•10 views

CVE-2026-9748

The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines...

7.1CVSS0.00323EPSS

Vulnrichment•added 2026/06/09 10:8 p.m.•5 views

CVE-2026-9748 $_internalConvertBucketIndexStats may crash the mongod server when working on no timeseries input

7.1CVSS5.4AI score0.00323EPSS

Cvelist•added 2026/06/09 10:8 p.m.•36 views

CVE-2026-9748 $_internalConvertBucketIndexStats may crash the mongod server when working on no timeseries input

7.1CVSS0.00323EPSS

MongoDB•added 2026/06/09 10:8 p.m.•7 views

$_internalConvertBucketIndexStats may crash the mongod server when working on no timeseries input

7.1CVSS5.4AI score0.00323EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/06/09 12:0 a.m.•10 views

PT-2026-48294

Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description A denial of service occurs when the $ internalConvertBucketIndexStats stage uses PauseExecution to signal that a document should be skipped following a failed index stats conversion...

7.1CVSS5.4AI score0.00323EPSS

Exploits0References5

RedhatCVE•added 2026/06/05 7:33 p.m.•7 views

CVE-2026-9806

A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...

6.3CVSS5.5AI score0.00258EPSS

RedhatCVE•added 2026/06/05 7:16 p.m.•6 views

CVE-2026-42756

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Ludwig You QuickWebP - Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp allows Path Traversal.This issue affects QuickWebP - Compress / Optimize Images & Convert WebP | SEO Friendly: fr...

9.9CVSS5.4AI score0.00336EPSS

OSV•added 2026/06/05 12:4 p.m.•7 views

RLSA-2026:22649 Important: php8.4 security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

8.2CVSS5.7AI score0.0045EPSS

Exploits1References7

Rockylinux•added 2026/06/05 12:4 p.m.•11 views

php8.4 security update

An update is available for php8.4. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PHP is an HTML-embedded scripting language. PHP attempts to make it easy for...

9.1CVSS5.7AI score0.0045EPSS

Exploits1

NVD•added 2026/05/29 4:16 p.m.•8 views

CVE-2018-25383

Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation. Attackers can craft a malicious WMA file that triggers the overflow when loaded through the Conve...

8.6CVSS0.00181EPSS

Vulnrichment•added 2026/05/29 2:46 p.m.•10 views

CVE-2018-25383 Free MP3 CD Ripper 2.8 Buffer Overflow SEH DEP Bypass

EUVD•added 2026/05/29 2:46 p.m.•10 views

EUVD-2018-21905

CVE•added 2026/05/29 2:46 p.m.•18 views

CVE-2018-25383

CVE-2018-25383 affects Free MP3 CD Ripper 2.8. The vulnerability is a stack-based buffer overflow in WMA file processing within the Convert function, allowing a local attacker to bypass DEP via SEH manipulation and execute arbitrary code (via a ROP chain and shellcode injection). The impact is lo...

Microsoft CVE•added 2026/05/29 8:7 a.m.•5 views

ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()

...

7.1CVSS5.4AI score0.00128EPSS

Exploits0

Positive Technologies•added 2026/05/29 12:0 a.m.•12 views

PT-2026-44861

RedhatCVE•added 2026/05/28 6:39 p.m.•11 views

CVE-2026-46146

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture usb-audio subsystem. This vulnerability exists in the convertchmapv3 function, where the csdesc-wLength value is not properly validated. A malicious actor could provide a specially crafted, malformed USB audio descripto...

5.5CVSS5.8AI score0.00128EPSS