CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5059 matches found

OSV•added 2026/02/26 1:16 a.m.•5 views

DEBIAN-CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8.9CVSS8.1AI score0.00313EPSS

Exploits0References1

Debian CVE•added 2026/02/26 12:45 a.m.•4 views

CVE-2026-27830

8.9CVSS8.1AI score0.00313EPSS

Exploits0

ATTACKERKB•added 2026/02/26 12:45 a.m.•3 views

CVE-2026-27830

8.9CVSS6.2AI score0.00313EPSS

Exploits0References6Affected Software1

Cvelist•added 2026/02/26 12:45 a.m.•23 views

CVE-2026-27830 c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property

8.9CVSS0.00313EPSS

Exploits0References5

OSV•added 2026/02/26 12:45 a.m.•2 views

CVE-2026-27830 c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property

8.9CVSS6.2AI score0.00313EPSS

Exploits0References7

Vulnrichment•added 2026/02/26 12:45 a.m.•2 views

CVE-2026-27830 c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property

8.9CVSS7.4AI score0.00313EPSS

Exploits0References5

CVE•added 2026/02/26 12:45 a.m.•57 views

CVE-2026-27830

CVE-2026-27830 affects the c3p0 JDBC connection pool. Before 0.12.0, the property userOverridesAsString was stored as a hex-encoded serialized object, enabling an attacker to reset it and trigger deserialization that could load code from a remote factoryClassLocation via embedded JNDI references....

8.9CVSS6.1AI score0.00313EPSS

Exploits0References5

CNNVD•added 2026/02/26 12:0 a.m.•5 views

Discourse 安全漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse before 2025.12.2, 2026.1.1, and 2026.2.0 have security vulnerabilities. These vulnerabilities stem from...

5.3CVSS5.8AI score0.00049EPSS

Exploits0References2

Positive Technologies•added 2026/02/26 12:0 a.m.•3 views

PT-2026-22193

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2025.12.2 Discourse versions prior to 2026.1.1 Discourse versions prior to 2026.2.0 Description Discourse is an open source discussion platform. Prior to specific versions, moderators could export user Chat Direct...

5.3CVSS5.9AI score0.00049EPSS

Exploits0References7

UbuntuCve•added 2026/02/26 12:0 a.m.•3 views

CVE-2026-27830

8.9CVSS6.2AI score0.00313EPSS

Exploits0References6

EUVD•added 2026/02/25 6:31 a.m.•5 views

EUVD-2026-8610

A vulnerability was found in libvips up to 8.18.0. This affects the function vipsforeignloadcsvbuild of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch i...

7.8CVSS5.5AI score0.00026EPSS

Exploits1References9

Snyk•added 2026/02/25 6:14 a.m.•4 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the vipsforeignloadcsvbuild function. An attacker can execute arbitrary code or cause a denial of service by providing specially crafted CSV files. Remediation A fix was pushed into the master branch but no...

7.8CVSS6.4AI score0.00026EPSS

Exploits1References2

OSV•added 2026/02/25 4:16 a.m.•4 views

CVE-2026-3147

7.8CVSS5.7AI score

Exploits0References8

NVD•added 2026/02/25 4:16 a.m.•9 views

CVE-2026-3147

7.8CVSS0.00026EPSS

Exploits1References8

OSV•added 2026/02/25 4:16 a.m.•0 views

UBUNTU-CVE-2026-3147

7.8CVSS5.9AI score0.00026EPSS

Exploits1References10

ATTACKERKB•added 2026/02/25 3:32 a.m.•5 views

CVE-2026-3147

7.8CVSS5.5AI score0.00026EPSS

Exploits1References8

CVE•added 2026/02/25 3:32 a.m.•11 views

CVE-2026-3147

CVE-2026-3147 affects libvips up to version 8.18.0. The vulnerability is in vips_foreign_load_csv_build (libvips/foreign/csvload.c) and causes a heap-based buffer overflow via CSV loading. The vulnerability requires local access. An exploit has been made public, and a patch exists (commit b3ab458...

7.8CVSS5.8AI score0.00026EPSS

Exploits1References8Affected Software1

Positive Technologies•added 2026/02/25 12:0 a.m.•3 views

PT-2026-21863

A vulnerability was found in libvips up to 8.18.0. This affects the function vips foreign load csv build of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been made public and could be used. The pat...

5.3CVSS5.5AI score0.00026EPSS

Exploits1References9

Packet Storm News•added 2026/02/20 12:0 a.m.•18 views

Advanced BLE Scanner with RPA Resolution for Flipper Zero

This project implements a high-performance Bluetooth Low Energy BLE scanner on Flipper Zero, supporting all BLE versions from 4.0 to 5.3. It can discover nearby devices, track specific devices by MAC address, and resolve privacy-randomized Resolvable Private Addresses RPA using Identity Resolving...

5.5AI score

Exploits0

Patchstack•added 2026/02/19 8:36 a.m.•4 views

WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name vulnerability

WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin = 7.37 - Authenticated Subscriber+ SQL Injection via File Name vulnerability discovered by WordFence in WordPress Plugin WP Ultimate CSV Importer versions = 7.37...

6.5CVSS5.9AI score0.00038EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by