CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5584 matches found

CVE-2026-34298

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Personalization. Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Application...

4.7CVSS0.00042EPSS

Exploits0References1

RedhatCVE•added 3 hours ago•0 views

CVE-2026-39415

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...

5.3CVSS0.00037EPSS

Exploits0References1

RedhatCVE•added 3 hours ago•0 views

CVE-2026-0512

Due to a Cross-Site Scripting XSS vulnerability in the SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow t...

6.1CVSS0.00108EPSS

Exploits0References1

Redos•added 22 hours ago•2 views

ROS-20260605-73-0056

The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to insufficient validation of input data. Exploiting these vulnerabilities can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

10CVSS5.5AI score0.00032EPSS

Exploits0

EUVD•added 4 days ago•6 views

EUVD-2026-33726

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

7.8CVSS6.3AI score0.00013EPSS

Exploits0References2

Cvelist•added 4 days ago•24 views

CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service

7.8CVSS0.00013EPSS

Exploits0References2

RedhatCVE•added 4 days ago•5 views

CVE-2026-42000

A flaw was found in pdns. This vulnerability, stemming from insufficient validation of names during an Asynchronous Zone Transfer AXFR, allows a remote attacker to compromise the integrity of DNS data. By sending specially crafted requests, an attacker could potentially poison DNS caches or make...

8.6CVSS5.8AI score0.00016EPSS

Exploits0References2

Nuclei•added 4 days ago•46 views

Mitel MiCollab - Authentication Bypass

A vulnerability in the NuPoint Unified Messaging NPM component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the...

9.8CVSS7.5AI score0.93912EPSS

Exploits3References3

Redos•added 2026/05/29 12:0 a.m.•10 views

ROS-20260529-73-0004

The vulnerability of the GNOME Remote Desktop remote desktop service is related to pointer assignment errors. Exploiting this vulnerability can allow a malicious actor to compromise data integrity and cause service failures through a specially created RDP packet...

6.5CVSS5.8AI score0.00454EPSS

Exploits0

Redos•added 2026/05/29 12:0 a.m.•9 views

ROS-20260529-73-0019

The vulnerability of the software for interacting with servers via CURL is related to the storage of dangerous files. Exploiting this vulnerability allows a remote attacker to compromise the integrity of data...

6.5CVSS7.3AI score0.00146EPSS

Exploits1

RedhatCVE•added 2026/05/28 8:21 p.m.•8 views

CVE-2026-46115

A flaw was found in the Linux kernel's block subsystem. The biovecphysmergeable function, which combines physically contiguous memory segments, lacked a check to ensure these segments belonged to the same device page map devpagemap. This omission could result in the incorrect identification of th...

9.8CVSS5.8AI score0.0006EPSS

Exploits0References4

CVE•added 2026/05/28 5:17 p.m.•7 views

CVE-2026-45787

The CVE-2026-45787 entry concerns electerm, an open-source terminal/SSH/etc. client. Technical details in connected sources show that versions prior to 3.9.5 use deterministic AES-192-CBC with a fixed zero IV, a constant KDF salt, and no MAC, causing confidentiality and integrity failures for syn...

9.1CVSS5.8AI score0.00008EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/28 5:17 p.m.•7 views

CVE-2026-45787 electerm's encrypt method not safe enough

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

6CVSS5.8AI score0.00008EPSS

Exploits0References2

NVD•added 2026/05/28 5:16 a.m.•11 views

CVE-2026-9793

A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...

7.5CVSS0.00013EPSS

Exploits0References2

CVE•added 2026/05/28 3:44 a.m.•16 views

CVE-2026-9793

Keycloak vulnerability CVE-2026-9793: when a JSON Web Encryption (JWE) encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This can lead to unauthorized claims and data integrity c...

7.5CVSS5.8AI score0.00013EPSS

Exploits0References2Affected Software1