CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/05 7:33 p.m.•7 views

CVE-2026-27677

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Reference Equipment, an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not...

6.5CVSS5.5AI score0.00181EPSS

Ubuntu•added 2026/06/04 9:23 p.m.•11 views

USN-8391-1: Linux kernel (Raspberry Pi) vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 It was discovered that the Linux kernel did n...

9.8CVSS7.2AI score0.96775EPSS

Exploits257

ATTACKERKB•added 2026/05/07 8:1 p.m.•4 views

CVE-2026-41692

i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 4.0.8 substitute key interpolation tokens inside src and href attribute values with the raw string returned by i18next.t. The substitution logic in...

4.7CVSS5.9AI score0.00144EPSS

Exploits0References3Affected Software1

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: nfc: fdp: Fixed a potential memory leak in fdpncisend. The fdpncisend function calls fdpncii2cwrite, which does not free the skb object after its execution. As a result, when fdpncii2cwrite is completed, the skb object will...

5.5CVSS6AI score0.00148EPSS

NVD•added 2026/04/14 12:16 a.m.•2 views

CVE-2026-27676

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Technical Object Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability results in a low impact on integrity, while confidentiality and...

4.3CVSS0.00158EPSS

CVE•added 2026/04/14 12:7 a.m.•9 views

CVE-2026-27679

CVE-2026-27679 affects the SAP S/4HANA frontend OData Service (Manage Reference Structures). Missing authorization checks allow an attacker to update and delete child entities via exposed OData services, impacting integrity (I: High) with no confidentiality or availability impact stated. CVSS v3....

Exploits0References2Affected Software1

ATTACKERKB•added 2026/04/14 12:7 a.m.•1 views

CVE-2026-27679

Due to missing authorization checks in the SAP S/4HANA frontend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

Vulnrichment•added 2026/04/14 12:7 a.m.•2 views

CVE-2026-27678 Missing Authorization check in SAP S/4HANA Backend OData Service (Manage Reference Structures)

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

EUVD•added 2026/04/14 12:7 a.m.•6 views

EUVD-2026-22150

Positive Technologies•added 2026/04/14 12:0 a.m.•2 views

PT-2026-32558

Positive Technologies•added 2026/04/14 12:0 a.m.•5 views

PT-2026-32557

RedhatCVE•added 2026/04/03 5:30 p.m.•2 views

CVE-2026-23448

A flaw was found in the Linux kernel's cdcncm module. An incorrect bounds check in the cdcncmrxverifyndp16 function, responsible for validating Network Data Protocol NDP entries, allows Datagram Pointer Entries DPE to extend beyond the intended buffer. This can lead to an out-of-bounds read when...

5.5CVSS5.9AI score0.00129EPSS

Exploits0References4

NVD•added 2026/03/06 6:16 p.m.•9 views

CVE-2026-30831

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, authentication vulnerabilities exist in Rocket.Chat's enterprise DDP Streamer service. The Account.login method exposed through the DDP...

9.8CVSS0.00333EPSS

Positive Technologies•added 2025/11/27 12:0 a.m.•4 views

PT-2025-48291

Name of the Vulnerable Software and Affected Versions Astro versions 5.15.7 and below Description Astro, a web framework, is affected by a double URL encoding bypass. This allows unauthenticated attackers to bypass path-based authentication checks in Astro middleware, potentially granting...

6.5CVSS6.8AI score0.00273EPSS

Exploits0References10

CNNVD•added 2025/11/19 12:0 a.m.•3 views

Astro 跨站脚本漏洞

Astro is an Astro open source web framework for content-driven websites. A cross-site scripting vulnerability exists in Astro versions prior to 5.15.9, which stems from an image optimization endpoint that unconditionally allows data protocol URLs, potentially leading to cross-site scripting attac...

6.1CVSS5.8AI score0.00218EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-14490

Malware in sbrugna...

7.5CVSS8.5AI score0.02269EPSS

Exploits1References15

Tenable Nessus•added 2025/08/07 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2024-10460

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerability affects Firefox 132, Firefox E...

5.4CVSS6.8AI score0.00294EPSS

RedhatCVE•added 2025/05/23 1:16 a.m.•4 views

CVE-2022-29952

Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It utilizes the TDI command and data protocols 60005/TCP, 60007/TCP for communications between the monitoring controller and System 1 and/or Bently Nevada Monitor Configuration BNMC software. These protocol...

9.1CVSS7.1AI score0.00863EPSS