CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/11 12:0 a.m.•6 views

OpenClaw 路径遍历漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.15 contained a path traversal vulnerability. This vulnerability stemmed from the webchat audio embedding assistant’s failure to apply a check for the inclusion of the local medi...

6.3CVSS5.8AI score0.00052EPSS

Tenable Nessus•added 2026/05/11 12:0 a.m.•6 views

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-puma (UTSA-2026-017512)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017512 advisory. In Puma RubyGem before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma...

7.5CVSS6.7AI score0.01782EPSS

CNNVD•added 2026/05/11 12:0 a.m.•6 views

Cowlib 资源管理错误漏洞

Cowlib is a web protocol message parsing and building library developed by Nine Nines. In versions 0.6.0 to 2.16.1 of Cowlib, there was a resource management error vulnerability. This vulnerability stemmed from the block transfer encoding parser in the cowhttpte module, which allowed unlimited...

8.7CVSS5.8AI score0.00114EPSS

Exploits0References2

EUVD•added 2026/05/10 3:31 p.m.•8 views

EUVD-2021-34796

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

8.8CVSS6.7AI score0.00416EPSS

Exploits1References4

PyPA•added 2026/05/10 1:16 p.m.•14 views

PYSEC-2026-131

8.8CVSS6.7AI score0.00416EPSS

Exploits1References3Affected Software1

ATTACKERKB•added 2026/05/10 12:43 p.m.•3 views

CVE-2021-47935

8.8CVSS6.7AI score0.00416EPSS

Exploits1References3Affected Software1

GithubExploit•added 2026/05/10 9:49 a.m.•59 views

SECURING-AGAINST-XSS

No d...

5.8AI score

Exploits0

NVD•added 2026/05/10 6:16 a.m.•8 views

CVE-2026-6104

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

9.1CVSS0.00026EPSS

OSV•added 2026/05/10 6:16 a.m.•4 views

UBUNTU-CVE-2026-6104

UbuntuCve•added 2026/05/10 6:16 a.m.•2 views

CVE-2026-6104

NVD•added 2026/05/10 5:16 a.m.•9 views

Exploits0References2

CVE-2026-7259

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...

6.5CVSS0.00064EPSS

OSV•added 2026/05/10 5:16 a.m.•4 views

UBUNTU-CVE-2026-7259

6.5CVSS5.8AI score0.00064EPSS

UbuntuCve•added 2026/05/10 5:16 a.m.•4 views

CVE-2026-7259

6.5CVSS5.8AI score0.00064EPSS

Exploits0References2

Vulnrichment•added 2026/05/10 4:35 a.m.•5 views

CVE-2026-6104 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding

6.3CVSS5.9AI score0.00026EPSS

AlpineLinux•added 2026/05/10 4:35 a.m.•7 views

CVE-2026-6104

CVE•added 2026/05/10 4:35 a.m.•15 views

Exploits0

CVE-2026-6104

CVE-2026-6104 affects PHP 8.4.x before 8.4.21 and 8.5.x before 8.5.6. When an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, code assumes that strncasecmp() returning 0 guarantees equal length, enabling an out-of-bounds read of glob...

Exploits0References1Affected Software1

EUVD•added 2026/05/10 4:35 a.m.•6 views

EUVD-2026-28979

6.3CVSS5.9AI score0.00026EPSS