CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 3 days ago•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-54388

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content- Length headers with differing values, forwarding all...

9.3CVSS6.1AI score0.00385EPSS

OSSF Malicious Packages•added 4 days ago•4 views

Malicious code in @briskforge/envcheck (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09dba573f5d6cb00b09562870f2148b3e539786f5d801f2a263338301d759313 The package advertises itself as a tiny environment-variable validator but ships lib/preflight.js, a heavily obfuscated obfuscator.io string-array...

5.9AI score

AstraLinux•added 4 days ago•7 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: md/raid5: Unnecessary bioput calls in raid5readonechunk have been removed. When performing chunk-sized reads on disks with badblocks, it was observed that calls to biofree and bioput were duplicated...

5.9AI score0.002EPSS

EUVD•added 4 days ago•7 views

EUVD-2026-37961

PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expo...

7.1CVSS5.2AI score

NVD•added 5 days ago•11 views

CVE-2026-56077

7.1CVSS

CVE•added 5 days ago•17 views

CVE-2026-56077

CVE-2026-56077 concerns PraisonAI before 1.5.115, where an information disclosure vulnerability exists in the MultiAgentLedger component. The root cause is failure to enforce unique agent IDs during registration, enabling attackers to share ledger instances and access sensitive data including sys...

7.1CVSS5.2AI score

Cvelist•added 5 days ago•18 views

CVE-2026-56077 PraisonAI - Information Disclosure via Shared MultiAgentLedger State

7.1CVSS

Positive Technologies•added 5 days ago•10 views

PT-2026-50808

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.115 Description An information disclosure issue exists in the MultiAgentLedger component. The system fails to enforce the uniqueness of agent IDs, allowing attackers to register agents with duplicate IDs. This...

7.1CVSS5.9AI score

Exploits0References6

Cvelist•added 6 days ago•16 views

CVE-2026-54388 Tinyproxy - HTTP Request Smuggling via Duplicate Content-Length Headers

Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine how many request body bytes to consume. Remote attackers can...

9.3CVSS0.00385EPSS

Debian CVE•added 6 days ago•6 views

CVE-2026-54388

9.3CVSS5.6AI score0.00385EPSS

Exploits0

CVE•added 6 days ago•12 views

CVE-2026-54388

Tinyproxy (≤ 1.11.3) is affected by CVE-2026-54388. The issue occurs when a request contains multiple Content-Length headers with differing values: Tinyproxy forwards all duplicate headers to the backend but uses the first value to determine how many body bytes to consume. This desynchronizes pro...

9.3CVSS5.6AI score0.00385EPSS

RedHat Linux•added 2026/06/16 4:53 p.m.•2 views

gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security DTLS packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This...

7.5CVSS5.3AI score0.0082EPSS

NVD•added 2026/06/15 6:16 p.m.•8 views

CVE-2026-8358

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...

6.9CVSS0.00131EPSS

Vulnrichment•added 2026/06/15 4:24 p.m.•4 views

CVE-2026-8358 Heap buffer overflow in spreadsheet tracked-changes import

6.9CVSS5.6AI score0.00131EPSS

EUVD•added 2026/06/15 4:24 p.m.•5 views

EUVD-2026-36740

6.9CVSS5.6AI score0.00131EPSS

Cvelist•added 2026/06/15 4:24 p.m.•28 views

CVE-2026-8358 Heap buffer overflow in spreadsheet tracked-changes import

6.9CVSS0.00131EPSS

CVE•added 2026/06/15 4:24 p.m.•15 views

CVE-2026-8358

CVE-2026-8358 affects LibreOffice Calc during import of tracked changes. A heap buffer overflow occurs when a document reuses the same change identifier for two different kinds of changes; the importer may treat one change object as a larger type and write past the end of its allocation. The vuln...

6.9CVSS5.6AI score0.00131EPSS