CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

36 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel before version 6.1.13, there is a double-free in the net/mpls/afmpls.c file when an allocation failure occurs due to registering the sysctl table under a new location during the renaming of a device...

4.7CVSS6.7AI score0.00015EPSS

Exploits0References2

OSV•added 2026/04/21 2:38 p.m.•3 views

GHSA-MF9W-MJ56-HR94 python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback

Summary setkey and unsetkey in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a cross-device rename fallback is triggered. Details The rewrite context manager in dotenv/main.py is used by both setkey...

6.6CVSS5.8AI score0.00004EPSS

Exploits1References6

Github Security Blog•added 2026/04/21 2:38 p.m.•30 views

python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback

6.6CVSS5.8AI score0.00004EPSS

Exploits1References6Affected Software1

EUVD•added 2026/04/21 2:38 p.m.•1 views

EUVD-2026-23901

python-dotenv: Symlink following in setkey allows arbitrary file overwrite via cross-device rename fallback...

6.6CVSS5.9AI score0.00004EPSS

Exploits1References5

Cvelist•added 2026/04/20 4:25 p.m.•26 views

CVE-2026-28684 python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback

python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, setkey and unsetkey in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a...

6.6CVSS0.00004EPSS

Exploits1References3

Vulnrichment•added 2026/04/20 4:25 p.m.•3 views

CVE-2026-28684 python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback

6.6CVSS5.9AI score0.00004EPSS

Exploits1References3

CVE•added 2026/04/20 4:25 p.m.•22 views

CVE-2026-28684

CVE-2026-28684 (python-dotenv) : The issue affects python-dotenv where the functions set_key() and unset_key() follow symbolic links when rewriting the .env file. This behavior enables a local attacker to overwrite arbitrary files via a crafted symlink during a cross-device rename fallback. Impac...

6.6CVSS5.9AI score0.00004EPSS

Exploits1References3Affected Software1

CNNVD•added 2026/03/25 12:0 a.m.•5 views

Domoticz 跨站脚本漏洞

Domoticz is an open-source smart home system developed by the Domoticz company. This system supports the monitoring and control of various smart home devices. Versions of Domoticz prior to 2026.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Web interface’s...

4.8CVSS5.9AI score0.00076EPSS

Exploits0References3

RedHat Linux•added 2026/02/12 1:6 a.m.•5 views

kernel: RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix "KASAN: slab-use-after-free Read in ibregisterdevice" problem Call Trace: dumpstack lib/dumpstack.c:94 inline dumpstacklvl+0x116/0x1f0 lib/dumpstack.c:120 printaddressdescription mm/kasan/report.c:408 inline...

7.8CVSS5.7AI score0.00063EPSS

Exploits0References5

RedhatCVE•added 2025/12/06 5:55 p.m.•4 views

CVE-2025-34262

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devices/name/agentid endpoint. When an authenticated user renames a device, the newname value is stored and later rendered in device listings or detail views without proper...

5.4CVSS5.4AI score0.00024EPSS

Exploits0References1

NVD•added 2025/12/05 6:15 p.m.•5 views

CVE-2025-34262

5.4CVSS0.00024EPSS

Exploits0References3

Vulnrichment•added 2025/12/05 5:16 p.m.•3 views

CVE-2025-34262 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via devices/name/{agent_id}

5.1CVSS5AI score0.00024EPSS

Exploits0References3

Cvelist•added 2025/12/05 5:16 p.m.•19 views

CVE-2025-34262 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via devices/name/{agent_id}

5.1CVSS0.00024EPSS

Exploits0References3

EUVD•added 2025/12/05 5:16 p.m.•2 views

EUVD-2025-201434

5.1CVSS5AI score0.00024EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•8 views

EUVD-2025-27874

Malicious code in bioql PyPI...

7.6AI score0.00063EPSS

Exploits0References3

OSV•added 2025/10/03 7:56 p.m.•4 views

RLSA-2025:12662 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: padata: fix UAF in padatareorder CVE-2025-21727 kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtphidremove CVE-2025-21928 kernel: HID: intel-ish-hid: Fix use-after-free issue ...

7.8CVSS6.7AI score0.00111EPSS

Exploits0References12

Tenable Nessus•added 2025/08/12 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2024-51491

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during...

3.3CVSS6.9AI score0.00035EPSS

Exploits1References2