CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/06/19 11:10 a.m.•3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: phy: lynx-28g: Serialize concurrent physetmodeext calls to shared registers The protocol converter configuration registers PCC8, PCCC, and PCCD implemented by the driver control protocol converters across multiple lanes each...

4.7CVSS5.9AI score0.00168EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•8 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: calling inputfreedevice on the allocated iiodev The current implementation of at91tsregister calls inputfreedevice on st-tsinput. However, the err label can be reached before the allocated iiodev is stored to...

7.8CVSS6.2AI score0.0023EPSS

EUVD•added 2026/06/09 7:14 p.m.•11 views

EUVD-2026-35795

Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting unsanitized input through the toDateFormat request parameter in the...

6.1CVSS5.6AI score0.0022EPSS

NVD•added 2026/06/09 5:16 a.m.•9 views

CVE-2026-41855

In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary class instantiation, which can lead to unauthorized actions via gadget class deserialization. Affect...

8.1CVSS0.00257EPSS

OSV•added 2026/06/09 5:16 a.m.•5 views

UBUNTU-CVE-2026-41855

8.1CVSS5.6AI score0.00257EPSS

Positive Technologies•added 2026/06/09 12:0 a.m.•13 views

PT-2026-48219

Name of the Vulnerable Software and Affected Versions Ellucian Banner Self-Service versions prior to April T2 release 2025-04-23 Description A reflected cross-site scripting issue exists where unauthenticated attackers can execute arbitrary JavaScript in a victim's browser. This is achieved by...

6.1CVSS5.2AI score0.0022EPSS

Exploits0References6

CNNVD•added 2026/06/09 12:0 a.m.•10 views

Ellucian Banner Self-Service 跨站脚本漏洞

Ellucian Banner Self-Service is a higher education self-service platform developed by the American company Ellucian. Versions of Ellucian Banner Self-Service prior to 2025-04-23 had a cross-site scripting vulnerability. This vulnerability stemmed from the lack of proper cleaning of the input...

6.1CVSS5.4AI score0.0022EPSS

RedhatCVE•added 2026/06/05 7:49 p.m.•8 views

CVE-2026-49328

Server-Side Request Forgery SSRF in the UrlImageConverter component of Apache Fesod Incubating fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to...

5.3CVSS5.4AI score0.00502EPSS

RedhatCVE•added 2026/06/05 7:33 p.m.•9 views

CVE-2026-45366

typescript-utcp is a typescript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual validates the discovery URL against an HTT...

4.7CVSS5.5AI score0.00122EPSS

EUVD•added 2026/06/03 12:30 a.m.•11 views

EUVD-2024-55607

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network ca...

NVD•added 2026/06/02 10:16 p.m.•11 views

CVE-2024-14036

8.7CVSS0.00284EPSS

Cvelist•added 2026/06/02 9:22 p.m.•33 views

CVE-2024-14036 Dräger Core 1.0.5 Denial of Service via Malformed SDC Message

8.7CVSS0.00284EPSS

Vulnrichment•added 2026/06/02 9:22 p.m.•7 views

CVE-2024-14036 Dräger Core 1.0.5 Denial of Service via Malformed SDC Message

ATTACKERKB•added 2026/06/02 9:22 p.m.•7 views

CVE-2024-14036

CVE•added 2026/06/02 9:22 p.m.•15 views

CVE-2024-14036

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 are affected by a denial-of-service vulnerability where specially crafted, unencrypted SDC discovery messages exhaust CPU resources. Network-adjacent attackers with hospital-network access can trigger high CPU load, causing subsequent SDC ...

Positive Technologies•added 2026/06/02 12:0 a.m.•12 views

PT-2026-45863

Name of the Vulnerable Software and Affected Versions Dräger Core version 1.0.5 Dräger M540 Converter Service version 1.0.9 Description A denial of service issue allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC Service-oriented Device...

CNNVD•added 2026/06/02 12:0 a.m.•5 views

Exploits0References4

Dräger Core和Dräger M540 Converter Service 资源管理错误漏洞

Both the Dräger Core and Dräger M540 Converter Service are products of the German company Dräger. The Dräger Core is a medical device remote access and control platform. The Dräger M540 Converter Service is a medical device data conversion service. Versions 1.0.5 of Dräger Core and 1.0.9 of Dräge...

8.7CVSS5.4AI score0.00284EPSS