CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/05/04 5:40 p.m.•3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateBucketFromBackup process when handling backup metadata during storage bucket import. An attacker can cause the daemon to crash and disrupt service availability by supplying a crafted archive with a...

7.1CVSS5.8AI score0.00398EPSS

Snyk•added 2026/05/04 5:40 p.m.•3 views

NULL Pointer Dereference

7.1CVSS5.8AI score0.00398EPSS

Snyk•added 2026/05/04 5:40 p.m.•5 views

NULL Pointer Dereference

7.1CVSS5.8AI score0.00398EPSS

CVE•added 2026/05/04 4:22 p.m.•16 views

CVE-2026-42809

Apache Polaris is affected via the staged-create path where an authenticated, low-privilege user can supply a custom location during stage create and request credential vending. Polaris issues broad temporary (vended) storage credentials tied to that location before normal validation and overlap ...

9.9CVSS5.8AI score0.00355EPSS

Exploits0References2Affected Software1

NVD•added 2026/05/04 1:16 p.m.•5 views

CVE-2026-7482

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

9.1CVSS0.01001EPSS

AlpineLinux•added 2026/05/04 12:38 p.m.•6 views

CVE-2026-7482

9.1CVSS6AI score0.01001EPSS

Cvelist•added 2026/05/04 12:38 p.m.•26 views

CVE-2026-7482 Ollama heap out-of-bounds read in GGUF tensor parsing leaks server process memory to unauthenticated remote attackers

9.1CVSS0.01001EPSS

Vulnrichment•added 2026/05/04 12:38 p.m.•5 views

CVE-2026-7482 Ollama heap out-of-bounds read in GGUF tensor parsing leaks server process memory to unauthenticated remote attackers

9.1CVSS5.8AI score0.01001EPSS

Snyk•added 2026/05/04 9:31 a.m.•9 views

Directory Traversal

Overview @puchunjie/doc-tools-mcp is a Word 文档处理 MCP 服务器 - 基于 TypeScript 的文档处理工具 Affected versions of this package are vulnerable to Directory Traversal via the createdocument or opendocument functions in the MCP Interface component when processing the filePath argument. An attacker can access or...

6.5CVSS7AI score0.00288EPSS

Github Security Blog•added 2026/05/04 9:31 a.m.•12 views

@puchunjie/doc-tools-mcp has a Path Traversal Issue

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function createdocument/opendocument of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The...

6.5CVSS6.3AI score0.00288EPSS

Exploits0References8Affected Software1

NVD•added 2026/05/04 7:16 a.m.•6 views

CVE-2026-7738

6.5CVSS0.00288EPSS

Exploits0References6

ATTACKERKB•added 2026/05/04 6:0 a.m.•3 views

CVE-2026-7738

6.5CVSS6.3AI score0.00288EPSS

Exploits0References6Affected Software1

Cvelist•added 2026/05/04 6:0 a.m.•40 views

CVE-2026-7738 puchunjie doc-tools-mcp MCP mcp-server.ts open_document path traversal

6.5CVSS0.00288EPSS

Exploits0References6

CNNVD•added 2026/05/04 12:0 a.m.•10 views

Ollama 缓冲区错误漏洞

Ollama is an open source large language model deployment and inference tool, mainly providing model loading, quantization and API interface services. The Ollama GGUF model loader suffers from a heap out-of-bounds read vulnerability that stems from the /api/create interface failing to properly...

9.1CVSS6AI score0.01001EPSS

Exploits3References1

CNNVD•added 2026/05/04 12:0 a.m.•8 views

Word Tools MCP Server 路径遍历漏洞

Word Tools MCP Server is an AI-driven word document manipulation tool developed by Jeremy Pu. Version 1.0.18 of Word Tools MCP Server contains a path traversal vulnerability. This vulnerability stems from the createdocument/opendocument function in the MCP Interface component, where the filePath...

6.5CVSS6.6AI score0.00288EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: posix-timers: A potential memory leak was identified in dotimercreate. When creating a posix timer with allocation of a specific timer ID, if there are issues with accessing the value in the user space, the function terminates...

5.1AI score0.00145EPSS

Exploits0References1

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hciconn: Fixed a crash that occurred during hcicreatecissync. When attempting to connect multiple ISO sockets without using DEFERSETUP, the following crash may occur: BUG: KASAN: nullptrderef in...

5.5CVSS6.4AI score0.00146EPSS

Exploits0References1

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the drivers/mtd/ubi/vtbl.c file in the Linux kernel, up to version 6.7.4, it is possible for the code to attempt to allocate zero bytes, resulting in a crash due to a missing check for ubi-lebsize...

5.5CVSS6.4AI score0.00248EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux – Vulnerability in SQLite

In SQLite version 3.22.0, databases whose schemas are corrupted using the CREATE TABLE AS statement could lead to a NULL pointer dereferencing issue, related to build.c and prepare.c...

7.5CVSS6.6AI score0.08186EPSS