CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20455 matches found

EUVD•added 2026/05/12 3:31 p.m.•30 views

EUVD-2026-29470

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

5.3CVSS5.7AI score0.00351EPSS

Exploits0References2

RedhatCVE•added 2026/05/12 2:10 p.m.•14 views

CVE-2026-42310

A flaw was found in Pillow, a Python imaging library. A remote attacker could supply a specially crafted malicious PDF file, causing the application to hang indefinitely and consume 100% CPU. This vulnerability leads to a Denial of Service DoS, making the application unresponsive...

5.5CVSS5.8AI score0.00126EPSS

Exploits0References7

Microsoft CVE•added 2026/05/12 2:0 p.m.•6 views

AMD: CVE-2025-54518 CPU OP Cache Corruption

This vulnerability was found and addressed by AMD. We are documenting it in the Security Update Guide to encourage customers to install the May 2026 version of Windows as soon as possible. The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for thi...

7.3CVSS5.8AI score0.00286EPSS

Exploits0

AlpineLinux•added 2026/05/12 1:28 p.m.•13 views

CVE-2026-40016

6.5CVSS5.7AI score0.00351EPSS

Exploits0References1

Cvelist•added 2026/05/12 1:28 p.m.•24 views

CVE-2026-40016

5.3CVSS0.00351EPSS

Exploits0References1

ATTACKERKB•added 2026/05/12 1:28 p.m.•4 views

CVE-2026-40016

5.3CVSS5.7AI score0.00351EPSS

Exploits0References2

Vulnrichment•added 2026/05/12 1:28 p.m.•6 views

CVE-2026-40016

5.3CVSS5.7AI score0.00351EPSS

Exploits0References1

CVE•added 2026/05/12 1:28 p.m.•10 views

CVE-2026-40016

CVE-2026-40016: An attacker can upload a malicious Sieve script via ManageSieve (or local access) to bypass CPU time limits, potentially increasing allowed run time up to 130× the configured limit and degrading server performance. Affected component is the Sieve execution/ManageSieve handling; ro...

6.5CVSS5.7AI score0.00351EPSS

Exploits0References1Affected Software2

CNNVD•added 2026/05/12 12:0 a.m.•4 views

Open-Xchange OX Dovecot Pro 资源管理错误漏洞

Open-Xchange OX Dovecot Pro is an email storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a resource management vulnerability. This vulnerability stems from allowing attackers to upload malicious Sieve scripts, bypassing the configured CPU ti...

6.5CVSS5.8AI score0.00351EPSS

Exploits0References1

CNNVD•added 2026/05/12 12:0 a.m.•5 views

PhpSpreadsheet 安全漏洞

PhpSpreadsheet is a PHP library developed by PHPOffice, designed for reading and writing spreadsheet files. Vulnerabilities exist in versions prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0 of PhpSpreadsheet. These vulnerabilities stem from the SpreadsheetML XML reader not verifying whether the...

7.5CVSS5.8AI score0.00395EPSS

Exploits1References1

Positive Technologies•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40778

Name of the Vulnerable Software and Affected Versions AMD Zen 2-based products affected versions not specified Description Improper isolation of shared resources within the CPU operation op/µop cache on Zen 2-based products can cause incorrect instructions to be executed at a higher privilege...

7.3CVSS5.4AI score0.00286EPSS

Exploits0References69

CNNVD•added 2026/05/12 12:0 a.m.•6 views

PhpSpreadsheet 安全漏洞

7.5CVSS5.8AI score0.00395EPSS

Exploits1References1

Tenable Nessus•added 2026/05/12 12:0 a.m.•24 views

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50261)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50261 advisory. - xfrm: esp: ipv4: fix up flags setting Greg Kroah-Hartman Orabug: 39344515 CVE-2026-43284 - xfrm: esp: avoid in-place decrypt on shared skb frags...

8.8CVSS7.1AI score0.92165EPSS

Exploits253References53

EUVD•added 2026/05/11 9:31 p.m.•6 views

EUVD-2026-29200

Uncontrolled Resource Consumption vulnerability in ninenines cowlib cowhttpte module allows Excessive Allocation. The chunked transfer-encoding parser in cowhttpte accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication Len 16 + digit, so parsi...

8.7CVSS5.9AI score0.00431EPSS

Exploits0References4

RedHat Linux•added 2026/05/11 8:0 p.m.•12 views

bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone

A flaw was found in BIND. A remote attacker could exploit this vulnerability by sending a maliciously crafted DNSSEC-validated zone to a BIND resolver. This could cause the resolver to consume excessive CPU resources, leading to a denial of service DoS for legitimate users...

7.5CVSS7.4AI score0.00824EPSS

Exploits0References8

Cvelist•added 2026/05/11 6:6 p.m.•31 views

CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS

8.7CVSS0.00431EPSS

Exploits0References3

Debian CVE•added 2026/05/11 6:6 p.m.•4 views

CVE-2026-7790

8.7CVSS5.9AI score0.00431EPSS

Exploits0

Github Security Blog•added 2026/05/11 2:51 p.m.•15 views

urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API

Impact urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or...

8.9CVSS5.8AI score0.00367EPSS

Exploits0References4Affected Software1