CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/06/11 12:0 a.m.•7 views

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 had a security vulnerability due to improper handling of symbolic links, which could allow applications to access protected user data...

5.5CVSS5.3AI score0.00194EPSS

CNNVD•added 2026/06/11 12:0 a.m.•9 views

Apple macOS 访问控制错误漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26.1 and earlier contained an access control error vulnerability. This vulnerability stemmed from an access issue that could allow malicious applications to acces...

5.5CVSS6.5AI score0.00112EPSS

CNNVD•added 2026/06/11 12:0 a.m.•8 views

Apple macOS 后置链接漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 and earlier contained a backlink vulnerability, which was caused by improper handling of symbolic links. This vulnerability could allow applications to...

5.5CVSS5.3AI score0.0014EPSS

CNNVD•added 2026/06/11 12:0 a.m.•7 views

Apple macOS 访问控制错误漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26.1 and earlier contained an access control vulnerability caused by permission issues, which could allow applications to access protected user data...

7.5CVSS6.5AI score0.0027EPSS

Positive Technologies•added 2026/06/11 12:0 a.m.•11 views

PT-2026-48662

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/file utils.py. The functions filter safe tarinfos and filter safe zipinfos validate archive member paths against the process current working directory CWD instead...

8.1CVSS7.6AI score0.00449EPSS

Exploits0References3

CNNVD•added 2026/06/11 12:0 a.m.•12 views

Cloud Foundry UAA和CloudFoundry CF Deployment 数据伪造问题漏洞

Cloud Foundry UAA is an identity verification and management service terminal developed by the Cloud Foundry Foundation in the United States, and it is used on the CloudFoundry platform. CloudFoundry CF Deployment is a code deployment component provided by the Cloud Foundry Foundation. Versions o...

9CVSS5.4AI score0.00122EPSS

CNNVD•added 2026/06/11 12:0 a.m.•6 views

Cerebrate 信息泄露漏洞

Cerebrate is an open-source platform developed by Cerebrate. It aims to act as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there was a vulnerability involving information leakage, which stemmed from exposing...

5.1CVSS5.3AI score0.00242EPSS

Positive Technologies•added 2026/06/11 12:0 a.m.•7 views

PT-2026-48799

Name of the Vulnerable Software and Affected Versions GeoServer DB2 DataStore Extension versions prior to 2.27.0 Description An administrator can perform a JNDI attack through a specially crafted DB2 jdbc url, which can lead to Remote Code Execution RCE. Authenticated users can access the Vector...

8.8CVSS7.4AI score0.01378EPSS

Exploits0References7

Redos•added 2026/06/11 12:0 a.m.•5 views

ROS-20260611-73-0028

The vulnerability of the ecamencodercompressh264 function in the FreeRDP remote desktop protocol is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data or cause service failures...

9.1CVSS7.7AI score0.00489EPSS

Exploits0

Redos•added 2026/06/11 12:0 a.m.•4 views

ROS-20260611-73-0027

9.1CVSS7.7AI score0.00489EPSS

Exploits0

Tenable Nessus•added 2026/06/11 12:0 a.m.•3 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenJDK 21 vulnerabilities (USN-8328-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8328-1 advisory. Thomas Beckers discovered that the JAXP component of OpenJDK 21 did not correctly authenticate certain APIs. ...

7.5CVSS7.6AI score0.00358EPSS

Exploits0References9

Positive Technologies•added 2026/06/11 12:0 a.m.•9 views

PT-2026-48743

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.25 Description A path traversal issue exists in the memory-core artifact loading process, where the workspace state affects how the local package root is resolved. This allows attackers with access to affected...

7.8CVSS5.5AI score0.00114EPSS

Exploits0References5

Positive Technologies•added 2026/06/11 12:0 a.m.•10 views

PT-2026-48792

Name of the Vulnerable Software and Affected Versions ClipBucket v5 versions prior to 5.5.3 Description An authenticated user with video upload privileges can exploit a boolean-based blind SQL injection, a technique where data is exfiltrated by observing true or false responses from the server. T...

8.8CVSS5.4AI score0.00307EPSS

Exploits0References3

Redos•added 2026/06/11 12:0 a.m.•2 views

ROS-20260611-73-0016

The vulnerability of the cleardecompressbandsdata function in the RDP client FreeRDP is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and cause service failures...

9.8CVSS6.3AI score0.00589EPSS

Exploits1

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...

8.8CVSS6.5AI score

Deserialization of Untrusted Data

8.8CVSS6.5AI score

Deserialization of Untrusted Data

8.8CVSS6.5AI score