
20499 matches found

ATTACKERKB
added 2026/05/13 12:19 a.m. | 6 views

CVE-2026-8202

Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to...

CVSS 5.3 | AI score 5.8 | EPSS 0.00263
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/05/13 12:19 a.m. | 6 views

CVE-2026-8202 Post-authentication CPU utilization DoS via $trim/$ltrim/$rtrim operators

Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to...

CVSS 5.3 | AI score 5.8 | EPSS 0.00263
Exploits: 0 | References: 1
CVE
added 2026/05/13 12:19 a.m. | 48 views

CVE-2026-8202

CVE-2026-8202 affects MongoDB Server prior to certain fixed versions: v7.0 before 7.0.34, v8.0 before 8.0.23, v8.2 before 8.2.9, and v8.3 before 8.3.2. The issue is a post-authentication CPU DoS caused by using a densely populated characters mask with large input strings in the MongoDB aggregatio...

CVSS 6.5 | AI score 5.8 | EPSS 0.00263
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2026/05/13 12:0 a.m. | 9 views

Netty Resource Management Error Vulnerability

Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.2.13.Final and 4.1.133.Final contained a resource management vulnerability. This...

CVSS 7.5 | AI score 6.6 | EPSS 0.0036
Exploits: 0 | References: 1
NVD
added 2026/05/12 10:16 p.m. | 8 views

CVE-2026-40863

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the SpreadsheetML XML reader Reader\Xml does not validate the ss:Index row attribute against the maximum allowed row count AddressRange::MAX_ROW = 1,048,576. An attack...

CVSS 7.5 | EPSS 0.00395
Exploits: 1 | References: 1
NVD
added 2026/05/12 10:16 p.m. | 8 views

CVE-2026-40902

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the XLSX reader's ColumnAndRowAttributes::readRowAttributes method reads row numbers from XML attributes without validating them against the spreadsheet maximum row...

CVSS 7.5 | EPSS 0.00395
Exploits: 1 | References: 1
CVE
added 2026/05/12 10:4 p.m. | 15 views

CVE-2026-40863

CVE-2026-40863 affects PhpSpreadsheet’s SpreadsheetML XML reader. An attacker can craft an XML with an oversized ss:Index (e.g., 999999999) on a , inflating the internal cachedHighestRow to ~1 billion and causing CPU exhaustion during row iteration. This leads to denial of service when processing...

CVSS 7.5 | AI score 5.8 | EPSS 0.00395
Exploits: 1 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/05/12 10:2 p.m. | 6 views

CVE-2026-40902

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the XLSX reader's ColumnAndRowAttributes::readRowAttributes method reads row numbers from XML attributes without validating them against the spreadsheet maximum row...

CVSS 7.5 | AI score 5.8 | EPSS 0.00395
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2026/05/12 10:2 p.m. | 47 views

CVE-2026-40902

CVE-2026-40902 affects PhpSpreadsheet’s XLSX reader. The vulnerability arises when ColumnAndRowAttributes::readRowAttributes() reads the row index (r attribute) from XML without validating against the maximum row limit (AddressRange::MAX_ROW = 1,048,576). An attacker can craft a tiny XLSX file co...

CVSS 7.5 | AI score 5.8 | EPSS 0.00395
Exploits: 1 | References: 1 | Affected Software: 1
EUVD
added 2026/05/12 3:31 p.m. | 32 views

EUVD-2026-29470

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

CVSS 5.3 | AI score 5.7 | EPSS 0.00338
Exploits: 0 | References: 2
RedhatCVE
added 2026/05/12 2:10 p.m. | 18 views

CVE-2026-42310

A flaw was found in Pillow, a Python imaging library. A remote attacker could supply a specially crafted malicious PDF file, causing the application to hang indefinitely and consume 100% CPU. This vulnerability leads to a Denial of Service (DoS), making the application unresponsive...

CVSS 5.5 | AI score 5.8 | EPSS 0.00126
Exploits: 0 | References: 7
Microsoft CVE
added 2026/05/12 2:0 p.m. | 10 views

AMD: CVE-2025-54518 CPU OP Cache Corruption

This vulnerability was found and addressed by AMD. We are documenting it in the Security Update Guide to encourage customers to install the May 2026 version of Windows as soon as possible. The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for thi...

CVSS 7.3 | AI score 5.8 | EPSS 0.00286
Exploits: 0
ATTACKERKB
added 2026/05/12 1:28 p.m. | 5 views

CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

CVSS 5.3 | AI score 5.7 | EPSS 0.00338
Exploits: 0 | References: 2
AlpineLinux
added 2026/05/12 1:28 p.m. | 15 views

CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

CVSS 6.5 | AI score 5.7 | EPSS 0.00338
Exploits: 0 | References: 1
Cvelist
added 2026/05/12 1:28 p.m. | 27 views

CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

CVSS 5.3 | EPSS 0.00338
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/12 1:28 p.m. | 8 views

CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

CVSS 5.3 | AI score 5.7 | EPSS 0.00338
Exploits: 0 | References: 1
CVE
added 2026/05/12 1:28 p.m. | 16 views

CVE-2026-40016

CVE-2026-40016: An attacker can upload a malicious Sieve script via ManageSieve (or local access) to bypass CPU time limits, potentially increasing allowed run time up to 130× the configured limit and degrading server performance. Affected component is the Sieve execution/ManageSieve handling; ro...

CVSS 6.5 | AI score 5.7 | EPSS 0.00338
Exploits: 0 | References: 1 | Affected Software: 2
CNNVD
added 2026/05/12 12:0 a.m. | 12 views

PhpSpreadsheet Security Vulnerability

PhpSpreadsheet is a PHP library developed by PHPOffice, designed for reading and writing spreadsheet files. Vulnerabilities exist in versions prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0 of PhpSpreadsheet. These vulnerabilities stem from the SpreadsheetML XML reader not verifying whether the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00395
Exploits: 1 | References: 1
CNNVD
added 2026/05/12 12:0 a.m. | 7 views

PhpSpreadsheet Security Vulnerability

PhpSpreadsheet is a PHP library developed by PHPOffice, designed for reading and writing spreadsheet files. Vulnerabilities exist in versions prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0 of PhpSpreadsheet. These vulnerabilities stem from the XLSX reader’s...

CVSS 7.5 | AI score 5.8 | EPSS 0.00395
Exploits: 1 | References: 1
CNNVD
added 2026/05/12 12:0 a.m. | 6 views

Open-Xchange OX Dovecot Pro Resource Management Error Vulnerability

Open-Xchange OX Dovecot Pro is an email storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a resource management vulnerability. This vulnerability stems from allowing attackers to upload malicious Sieve scripts, bypassing the configured CPU ti...

CVSS 6.5 | AI score 5.8 | EPSS 0.00338
Exploits: 0 | References: 1