CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 2026/06/09 2:20 a.m.•9 views

SUSE CVE-2026-50265

This CVE ID was assigned as a duplicate of CVE-2026-50292...

7CVSS5.4AI score0.00019EPSS

Exploits0References8

CNNVD•added 2026/06/09 12:0 a.m.•15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability arises from the vgicitsinvalidatecache function, which incorrectly places an iteration pointer ...

9.3CVSS5.3AI score0.00203EPSS

RedhatCVE•added 2026/06/05 7:45 p.m.•8 views

CVE-2026-37224

FlexRIC v2.0.0 crashes when receiving a duplicate E2SETUPREQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID uniqueness via assert rather than graceful rejection. A remote unauthenticated attacker can crash the iApp process port 36421 by sending two E2SETUPREQUESTs with t...

7.5CVSS5.5AI score0.00428EPSS

RedhatCVE•added 2026/06/05 7:43 p.m.•7 views

CVE-2026-8414

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/event/duplicate. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

8.8CVSS5.5AI score0.0013EPSS

RedhatCVE•added 2026/06/05 7:25 p.m.•8 views

CVE-2026-44309

A flaw was found in gitsign, a tool used for signing Git commits. This vulnerability, affecting the verify and verify-tag functions, occurs because gitsign re-encodes commit and tag objects before validating their signatures. A remote attacker could exploit this by crafting a malformed git object...

5.3CVSS5.3AI score0.00119EPSS

Exploits0References4

RedhatCVE•added 2026/06/05 7:22 p.m.•9 views

CVE-2026-34063

Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, network-libp2p discovery uses a libp2p ConnectionHandler state machine. the handler assumes there is at most one inbound and one outbound discovery substream per connection. if a remote peer...

7.5CVSS5.6AI score0.00352EPSS

RedhatCVE•added 2026/06/05 7:21 p.m.•10 views

CVE-2026-3499

The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 13.4.6 through 13.5.2.1. This is due to missing or incorrect nonce validation on the ajaxmigratetocustomposttype,...

8.8CVSS5.4AI score0.00165EPSS

RedhatCVE•added 2026/06/05 7:17 p.m.•9 views

CVE-2026-33804

@fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not account for duplicate slash normalization performed by Fastify's router, allowing requests with duplicat...

9.1CVSS5.4AI score0.00278EPSS

RedhatCVE•added 2026/06/05 7:17 p.m.•7 views

CVE-2026-33808

Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows complete bypass of path-scoped authentication middleware via duplicate slashes when ignoreDuplicateSlashes is enabled, or...

9.1CVSS5.4AI score0.00483EPSS

Exploits1References1

CNNVD•added 2026/06/05 12:0 a.m.•7 views

decompress 安全漏洞

Decompress is a file decompression tool personally developed by Kevin Mårtensson. Decompress has a security vulnerability; this vulnerability arises when decompressing a ZIP archive that contains two entries with the same path. Due to issues with the order of micro-task processing, arbitrary file...

6.4CVSS5.5AI score0.00431EPSS

SUSE CVE•added 2026/06/04 2:30 a.m.•12 views

SUSE CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

8.1CVSS5.8AI score0.00263EPSS

RedhatCVE•added 2026/06/03 11:40 a.m.•9 views

CVE-2026-9334

A flaw was found in perl-Cpanel-JSON-XS. This vulnerability allows a remote attacker to cause a denial of service DoS by providing specially crafted JSON input with duplicate object keys. When the dupkeysasarrayref option is enabled, the decodehv function incorrectly processes the input, leading ...

7.3CVSS5.8AI score0.00263EPSS

NVD•added 2026/06/03 1:16 a.m.•15 views

CVE-2026-9334

7.3CVSS0.00263EPSS

ATTACKERKB•added 2026/06/03 12:15 a.m.•7 views

CVE-2026-9334

5.8AI score0.00263EPSS

CVE•added 2026/06/03 12:15 a.m.•23 views

CVE-2026-9334

Cpanel::JSON::XS (Perl) is affected by a type-confusion issue in decode_hv() for versions before 4.41 when dupkeys_as_arrayref is enabled. The code tests duplicate keys by evaluating SvTYPE (old_value) != SVt_RV && SvTYPE (SvRV (old_value)) != SVt_PVAV, which dereferences a value via SvRV(old_val...

7.3CVSS5.8AI score0.00263EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/06/03 12:15 a.m.•37 views

CVE-2026-9334 Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled

0.00263EPSS

Vulnrichment•added 2026/06/03 12:15 a.m.•9 views

CVE-2026-9334 Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled

5.8AI score0.00263EPSS

EUVD•added 2026/06/03 12:15 a.m.•11 views

EUVD-2026-34060

7.3CVSS5.8AI score0.00263EPSS