CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11156 matches found

ATTACKERKB•added 2026/02/19 8:43 p.m.•3 views

CVE-2026-27476

RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system commands to execute arbitrary operations on the targe...

9.8CVSS6.2AI score0.00389EPSS

Exploits1References2Affected Software1

Github Security Blog•added 2026/02/19 8:32 p.m.•6 views

Feathers exposes internal headers via unencrypted session cookie

All HTTP request headers are stored in the session cookie, which is signed but not encrypted, exposing internal proxy/gateway headers to clients. The OAuth service stores the complete headers object in the session: javascript //...

8.2CVSS5.6AI score0.00013EPSS

Exploits0References5Affected Software1

Snyk•added 2026/02/19 7:32 p.m.•2 views

Improper Encoding or Escaping of Output

Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the addJS method. An attacker can inject arbitrary PDF objects and execute malicious actions or alter the document structure by supplying...

8.8CVSS6AI score0.00026EPSS

Exploits2References3

Ubuntu•added 2026/02/19 1:16 p.m.•7 views

USN-8053-1: libvpx vulnerability

It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...

8.8CVSS5.8AI score0.00019EPSS

Exploits0

NVD•added 2026/02/19 11:15 a.m.•4 views

CVE-2025-15562

The server API endpoint /report/internet/urls reflects received data into the HTML response without applying proper encoding or filtering. This allows an attacker to execute arbitrary JavaScript in the victim's browser if the victim opens a URL prepared by the attacker...

6.1CVSS0.00039EPSS

Exploits0References1

OSV•added 2026/02/19 11:15 a.m.•2 views

CVE-2025-15562

6.1CVSS6AI score0.00039EPSS

Exploits0References1

CVE•added 2026/02/19 10:54 a.m.•7 views

CVE-2025-15562

CVE-2025-15562 is a reflected cross-site scripting vulnerability affecting NesterSoft WorkTime. The issue occurs at the server API endpoint /report/internet/urls, which reflects user-supplied data into the HTML response without proper encoding or filtering. This can allow an attacker to execute a...

6.1CVSS6AI score0.00039EPSS

Exploits0References1Affected Software1

OSV•added 2026/02/19 7:17 a.m.•2 views

CVE-2026-2703

A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decodebase64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to off-by-one. The attack requires local access...

5.5CVSS5.1AI score

Exploits0References7

Positive Technologies•added 2026/02/19 12:0 a.m.•5 views

PT-2026-20801

6AI score0.00039EPSS

Exploits0References1

CNNVD•added 2026/02/19 12:0 a.m.•4 views

NesterSoft WorkTime 安全漏洞

NesterSoft WorkTime is a project tracking software developed by the Canadian company NesterSoft. NesterSoft WorkTime has a security vulnerability that stems from improper encoding or filtering of data at the internet/urls endpoint, which may lead to cross-site scripting attacks...

6.1CVSS5.6AI score0.00039EPSS

Exploits0References1

NVD•added 2026/02/18 2:16 p.m.•2 views

CVE-2026-1438

Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...

6.1CVSS0.00049EPSS

Exploits0References1

NVD•added 2026/02/18 2:16 p.m.•2 views

CVE-2026-1440

6.1CVSS0.00049EPSS

Exploits0References1

OSV•added 2026/02/18 2:16 p.m.•2 views

CVE-2026-1441

6.1CVSS6.1AI score

Exploits0References1

Cvelist•added 2026/02/18 1:13 p.m.•18 views

CVE-2026-1438 Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface

5.3CVSS0.00049EPSS

Exploits0References1

Positive Technologies•added 2026/02/18 12:0 a.m.•4 views

PT-2026-20396

5.3CVSS6.1AI score0.00049EPSS

Exploits0References2

Positive Technologies•added 2026/02/18 12:0 a.m.•3 views

PT-2026-20395

5.3CVSS6.1AI score0.00049EPSS

Exploits0References2

CNNVD•added 2026/02/18 12:0 a.m.•4 views

InvoicePlane 跨站脚本漏洞

InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing your quotes, invoices, customers, and payments. Version 1.7.0 of InvoicePlane contains a cross-site scripting vulnerability, which stems from the Family Name field not bei...

4.8CVSS5.6AI score0.00016EPSS

Exploits2References2

Positive Technologies•added 2026/02/18 12:0 a.m.•2 views

PT-2026-20393

5.3CVSS6.1AI score0.00058EPSS

Exploits0References2

OSV•added 2026/02/17 9:52 a.m.•1 views

SUSE-SU-2026:20493-1 Security update for glib2

This update for glib2 fixes the following issues: - CVE-2025-13601: Fixed integer overflow in in gescapeuristring bsc1254297. - CVE-2025-14087: Fixed buffer underflow in GVariant parser leads to heap corruption bsc1254662. - CVE-2025-14512: Fixed integer Overflow in GLib GIO Attribute Escaping...

9.8CVSS7.3AI score0.0005EPSS

Exploits2References15

OSV•added 2026/02/17 9:35 a.m.•1 views

SUSE-SU-2026:20481-1 Security update for expat

This update for expat fixes the following issues: - CVE-2026-24515: failure to copy the encoding handler data passed to XMLSetUnknownEncodingHandler may cause a NULL dereference bsc1257144. - CVE-2026-25210: lack of buffer size check can lead to an integer overflow bsc1257496...

7.8CVSS7.3AI score0.00007EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by