CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4403 matches found

OSV•added 2026/05/13 3:15 p.m.•2 views

MINI-MHF9-GG69-885H

Bulletin has no description...

8.8CVSS5.7AI score0.00994EPSS

Exploits1

SUSE CVE•added 2026/05/13 3:33 a.m.•7 views

SUSE CVE-2026-43438

In the Linux kernel, the following vulnerability has been resolved: schedext: Remove redundant cssput in scxcgroupinit The iterator cssforeachdescendantpre walks the cgroup hierarchy under cgrouplock. It does not increment the reference counts on yielded css structs. According to the cgroup...

7.8CVSS5.7AI score0.00125EPSS

Exploits0References3

CNNVD•added 2026/05/13 12:0 a.m.•9 views

protobuf.js 操作系统命令注入漏洞

protobuf.js is an open-source implementation of the Protocol Buffers protocol, written entirely in JavaScript. It supports Node.js and browsers with TypeScript. It’s easy to use, extremely fast, and can be used out of the box through.proto files. Versions of protobuf.js prior to 1.2.1 and 2.0.2 h...

7.8CVSS5.8AI score0.00132EPSS

Exploits0References2

NVD•added 2026/05/12 10:16 p.m.•13 views

CVE-2026-44262

Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation, leading to execution of...

9.4CVSS0.03715EPSS

Exploits3References2

Vulnrichment•added 2026/05/12 8:56 p.m.•5 views

CVE-2026-44262 Scramble: Remote code execution via evaluation of user-controlled input in validation rules

9.4CVSS6.1AI score0.03715EPSS

Exploits3References2

Cvelist•added 2026/05/12 8:56 p.m.•60 views

CVE-2026-44262 Scramble: Remote code execution via evaluation of user-controlled input in validation rules

9.4CVSS0.03715EPSS

Exploits3References2

CVE•added 2026/05/12 8:56 p.m.•37 views

CVE-2026-44262

CVE-2026-44262 affects dedoc/scramble (Laravel API documentation generator) versions 0.13.2–0.13.21. The vulnerability arises when publicly accessible docs endpoints evaluate user-controlled input via NodeRulesEvaluator::doEvaluateExpression(), which may evaluate request data and execute arbitrar...

9.4CVSS6.1AI score0.03715EPSS

Exploits3References2

ATTACKERKB•added 2026/05/12 8:56 p.m.•5 views

CVE-2026-44262

9.4CVSS6.1AI score0.03715EPSS

Exploits3References3Affected Software1

CNNVD•added 2026/05/12 12:0 a.m.•10 views

Scramble 代码注入漏洞

Scramble is a tool developed by de:doc for automatically generating API documentation for Laravel projects. Versions of Scramble from 0.13.2 to 0.13.22 contained a code injection vulnerability. This vulnerability stemmed from the exposed documentation endpoints and the use of validation rules tha...

9.4CVSS6AI score0.03715EPSS

Exploits3References2

OSV•added 2026/05/11 11:15 p.m.•1 views

MINI-32F4-G8FQ-8PJM

Bulletin has no description...

5.3CVSS5.7AI score0.00179EPSS

Exploits0

EUVD•added 2026/05/11 9:10 p.m.•7 views

EUVD-2026-29333

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each—skipping the "share" permission check. A subsequent shares.update authorize...

6.5CVSS5.9AI score0.00211EPSS

Exploits0References1

OSV•added 2026/05/11 7:34 p.m.•2 views

MINI-PV65-FHFP-CR45

Bulletin has no description...

7.5CVSS5.7AI score0.00565EPSS

Exploits0

OSV•added 2026/05/11 7:3 p.m.•2 views

MINI-HC4H-GH4W-FFRW

Bulletin has no description...

7.5CVSS5.7AI score0.00369EPSS

Exploits0

OSV•added 2026/05/11 7:2 p.m.•1 views

MINI-2RQ6-FPRH-HM8P

Bulletin has no description...

5.9CVSS5.7AI score0.0017EPSS

Exploits0

SUSE CVE•added 2026/05/11 2:14 p.m.•8 views

SUSE CVE-2026-41493

YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...

7.5CVSS5.9AI score0.00388EPSS

Exploits0References3

OSV•added 2026/05/11 5:49 a.m.•4 views

MINI-6MXV-28X9-257P

Bulletin has no description...

5.9CVSS5.7AI score0.0017EPSS

Exploits0

Packet Storm News•added 2026/05/11 12:0 a.m.•69 views

Under the Hood of SKILL.Md: Semantic Supply-Chain Attacks on AI Agent Skill Registry

Autonomous AI agents increasingly extend their capabilities through Agent Skills: modular filesystem packages whose SKILL.md files describe when and how agents should use them. While this design enables scalable, on-demand capability expansion, it also introduces a semantic supply-chain risk in...

5.7AI score

Exploits0

Positive Technologies•added 2026/05/11 12:0 a.m.•9 views

PT-2026-39857

Name of the Vulnerable Software and Affected Versions Outline versions prior to 1.7.0 Description The 'shares.create' API accepts both collectionId and documentId simultaneously. When published is set to false, the system only verifies read access for each, skipping the required share permission...

6.5CVSS5.9AI score0.00211EPSS

Exploits0References3

OSV•added 2026/05/10 8:45 p.m.•8 views

MINI-X859-P4PR-PJ8H

Bulletin has no description...

7.5CVSS5.7AI score0.00565EPSS

Exploits0

OSV•added 2026/05/10 8:45 p.m.•6 views

MINI-292H-QF8Q-PMM4

Bulletin has no description...

6.1CVSS5.7AI score0.00371EPSS

Exploits0