CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7105 matches found

CVE-2026-10277

A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP Gmail Tool. Performing a manipulation results in improper access controls. It is possible to initia...

6.5CVSS0.00042EPSS

Exploits0References8

Cvelist•added 3 days ago•22 views

CVE-2026-10277 j3k0 mcp-google-workspace MCP Gmail Tool gmail.ts saveToDisk access control

6.5CVSS0.00042EPSS

Exploits0References8

EUVD•added 3 days ago•6 views

EUVD-2026-33721

6.5CVSS6.1AI score0.00042EPSS

Exploits0References8

CVE•added 3 days ago•7 views

CVE-2026-10277

CVE-2026-10277 affects the MCP Gmail Tool in j3k0/mcp-google-workspace (up to commit 831790e7d5c2663325733d9f5579cc339a267c4c). The vulnerability resides in the saveToDisk function of src/tools/gmail.ts and leads to improper access controls when a manipulation is performed, with remote initiation...

6.5CVSS6.1AI score0.00042EPSS

Exploits0References8

Cvelist•added 3 days ago•24 views

CVE-2026-10241 jeecgboot The server processes these URLs Cloud Instance Metadata Endpoint debug FileDownloadUtils.download2DiskFromNet server-side request forgery

A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...

6.5CVSS0.00043EPSS

Exploits0References6

EUVD•added 6 days ago•6 views

EUVD-2026-33305

WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded...

6.9CVSS6AI score0.0006EPSS

Exploits1References1

Fedora•added 6 days ago•7 views

[SECURITY] Fedora 44 Update: podofo-1.0.4-1.fc44

PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF Portable Document Format. A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...

2.5CVSS5.8AI score0.00014EPSS

Exploits0

SUSE CVE•added last week•4 views

SUSE CVE-2026-45997

In the Linux kernel, the following vulnerability has been resolved: scsi: sd: fix missing putdisk when deviceadd&diskdev fails If deviceadd&sdkp-diskdev fails, putdevice runs scsidiskrelease, which frees the scsidisk but leaves the gendisk referenced. The deviceadddisk error path in sdprobe calls...

5.8AI score0.00032EPSS

Exploits0References3

RedhatCVE•added 2026/05/27 9:37 p.m.•5 views

CVE-2026-45997

A flaw was found in the Linux kernel's SCSI disk sd driver. When adding a new device, a failure in deviceadd can lead to a resource leak where a gendisk remains referenced but is not properly freed. This missing cleanup, specifically the putdisk call, can result in resource exhaustion. A local...

5.5CVSS5.8AI score0.00032EPSS

Exploits0References4

RedhatCVE•added 2026/05/27 5:37 p.m.•4 views

CVE-2026-46079

A flaw was found in the Linux kernel's Rados Block Device rbd module. When adding a new block device, a double teardown of resources can occur if the disk addition process fails. This can lead to a null-pointer dereference during cleanup operations, allowing a local attacker to cause a system...

5.5CVSS5.8AI score0.00032EPSS

Exploits0References4

NVD•added 2026/05/27 2:17 p.m.•5 views

CVE-2026-46079

In the Linux kernel, the following vulnerability has been resolved: rbd: fix null-ptr-deref when deviceadddisk fails dorbdadd publishes the device with deviceadd before calling deviceadddisk. If deviceadddisk fails after deviceadd succeeds, the error path calls rbdfreedisk directly and then later...

0.00032EPSS

Exploits0References6

OSV•added 2026/05/27 2:17 p.m.•2 views

UBUNTU-CVE-2026-45920

In the Linux kernel, the following vulnerability has been resolved: ext4: fix dirtyclusters double decrement on fs shutdown fstests test generic/388 occasionally reproduces a warning in ext4putsuper associated with the dirty clusters count: WARNING: CPU: 7 PID: 76064 at fs/ext4/super.c:1324...

5.4AI score0.00032EPSS

Exploits0References3

OSV•added 2026/05/27 2:17 p.m.•3 views

UBUNTU-CVE-2026-45997

5.7AI score0.00032EPSS

Exploits0References3

OSV•added 2026/05/27 2:17 p.m.•1 views

UBUNTU-CVE-2026-46079

5.7AI score0.00032EPSS

Exploits0References3

Vulnrichment•added 2026/05/27 1:16 p.m.•6 views

CVE-2026-7528 Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosure in Langflow OSS

IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption...

7.1CVSS5.8AI score0.00044EPSS

Exploits0References1

CVE•added 2026/05/27 1:16 p.m.•10 views

CVE-2026-7528

IBM Langflow OSS versions 1.0.0–1.9.0 are vulnerable to an unauthenticated file upload that allows unlimited uploads via the deprecated /api/v1/upload/{flow_id} endpoint, enabling DoS through uncontrolled resource consumption and potential absolute path disclosure in API responses. The root cause...

7.5CVSS5.8AI score0.00044EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/05/27 1:16 p.m.•31 views

CVE-2026-7528 Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosure in Langflow OSS

IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption...

7.1CVSS0.00044EPSS

Exploits0References1

EUVD•added 2026/05/27 12:58 p.m.•5 views

EUVD-2026-32462

5.8AI score0.00032EPSS

Exploits0References5