CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/04/02 7:21 p.m.•2 views

ALPINE-CVE-2026-34743

5.3CVSS5.8AI score0.00063EPSS

Exploits0References1

OSV•added 2026/04/02 7:21 p.m.•0 views

UBUNTU-CVE-2026-34743

CVE•added 2026/04/02 6:36 p.m.•37 views

CVE-2026-34743

CVE-2026-34743 is linked to a security fix for the xz package in Slackware: the Slackware-15.0 and -current trees received updated xz packages (5.2.13 for i586/x86_64, and 5.8.3 for -current) to address a buffer overflow in lzma_index_append and invalid memory access in --files/--files0. Affected...

Cvelist•added 2026/04/02 6:36 p.m.•16 views

CVE-2026-34743 XZ Utils: Buffer overflow in lzma_index_append()

6.3CVSS0.00063EPSS

Vulnrichment•added 2026/04/02 6:36 p.m.•0 views

CVE-2026-34743 XZ Utils: Buffer overflow in lzma_index_append()

6.3CVSS6.1AI score0.00063EPSS

EUVD•added 2026/04/02 6:36 p.m.•2 views

EUVD-2026-18505

ATTACKERKB•added 2026/04/02 6:36 p.m.•1 views

CVE-2026-34743

Snyk•added 2026/04/02 6:36 p.m.•2 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the lzmaindexdecoder function when processing an empty index, followed by a call to lzmaindexappend. An attacker can cause a buffer overflow and disrupt service availability by providing a specially crafted...

7.4CVSS6.1AI score0.00063EPSS

Exploits0References2

RedHat Linux•added 2026/04/02 10:59 a.m.•3 views

mariadb: MariaDB Server Crash Due to Empty Backtrace Log

A flaw was found in MariaDB Server. This vulnerability may allow an attacker to cause a crash via an issue related to makeaggrtablesinfo and optimizestage2, resulting in an empty backtrace log...

4.9CVSS6.6AI score0.00445EPSS

Exploits0References5

Github Security Blog•added 2026/04/01 11:29 p.m.•5 views

PraisonAI Has Authentication Bypass via OAuthManager.validate_token()

Summary OAuthManager.validatetoken returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated, granting full access to all registered tools and agent capabilities. Details...

9.1CVSS6AI score0.00022EPSS

Exploits1References3Affected Software1

NVD•added 2026/04/01 9:17 p.m.•3 views

CVE-2026-34531

Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token...

8.2CVSS0.00019EPSS

OSV•added 2026/04/01 9:17 p.m.•1 views

DEBIAN-CVE-2026-34531

8.2CVSS5.6AI score0.00019EPSS

Exploits0References1

UbuntuCve•added 2026/04/01 9:17 p.m.•1 views

CVE-2026-34531

8.2CVSS5.8AI score0.00019EPSS

OSV•added 2026/04/01 9:17 p.m.•0 views

UBUNTU-CVE-2026-34531

8.2CVSS5.7AI score0.00019EPSS

Exploits0References5

ATTACKERKB•added 2026/04/01 8:44 p.m.•0 views

CVE-2026-34531

6.5CVSS5.8AI score0.00019EPSS

Debian CVE•added 2026/04/01 8:44 p.m.•5 views

CVE-2026-34531

8.2CVSS5.6AI score0.00019EPSS

Exploits0

Cvelist•added 2026/04/01 8:44 p.m.•26 views

CVE-2026-34531 Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client

6.5CVSS0.00019EPSS

CVE•added 2026/04/01 8:44 p.m.•17 views

CVE-2026-34531

CVE-2026-34531 affects Flask-HTTPAuth (Python package) and concerns the token verification callback receiving an empty string when a request targets a token-protected resource without a token or with an empty token. This could allow authentication against any user whose token is an empty string. ...

8.2CVSS5.8AI score0.00019EPSS