CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16681 matches found

SUSE CVE•added 2026/05/16 1:14 a.m.•6 views

SUSE CVE-2026-8575

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

8.3CVSS5.8AI score0.00176EPSS

Exploits0References3

SUSE CVE•added 2026/05/16 1:14 a.m.•5 views

SUSE CVE-2026-8580

Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS5.8AI score0.00211EPSS

Exploits0References3

Tenable Nessus•added 2026/05/16 12:0 a.m.•7 views

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2026:1829-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1829-1 advisory. This update for MozillaFirefox fixes the following issues Updated to Firefox Extended Support Release 140.10.1...

9.6CVSS6.1AI score0.00314EPSS

Exploits0References10

Tenable Nessus•added 2026/05/16 12:0 a.m.•6 views

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2026:1830-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1830-1 advisory. This update for MozillaFirefox fixes the following issues Updated to Firefox Extended Support Release 140.10.2 ESR bsc1264378,MFSA 2026-41: -...

9.8CVSS5.9AI score0.00476EPSS

Exploits0References19

Tenable Nessus•added 2026/05/16 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-45803

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gh is GitHub's official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal...

3.5CVSS6.1AI score0.002EPSS

Exploits1References3

Tenable Nessus•added 2026/05/16 12:0 a.m.•34 views

Microsoft Edge (Chromium) < 148.0.3967.70 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 148.0.3967.70. It is, therefore, affected by multiple vulnerabilities as referenced in the May 15, 2026 advisory. - Microsoft Edge Chromium-based Remote Code Execution Vulnerability CVE-2026-45495 - Improper input...

9.8CVSS6.6AI score0.00633EPSS

Exploits0References159

RedhatCVE•added 2026/05/15 5:38 p.m.•4 views

CVE-2026-26332

A flaw was found in vm2, an open-source sandbox for Node.js. This vulnerability allows a remote attacker to escape the sandbox environment by exploiting the SuppressedError mechanism. Successful exploitation can lead to arbitrary code execution on the host system, compromising the integrity and...

10CVSS6.5AI score0.00576EPSS

Exploits1References5

Snyk•added 2026/05/15 5:31 p.m.•3 views

Improper Neutralization

Overview Affected versions of this package are vulnerable to Improper Neutralization of escape sequences in log output from commands run with the --log and --log-failed options. An attacker can inject malicious content in workflow logs, which are then rendered unsanitized in some terminal...

5.1CVSS5.9AI score0.002EPSS

Exploits1References2

Snyk•added 2026/05/15 5:31 p.m.•3 views

Improper Neutralization

5.1CVSS5.9AI score0.002EPSS

Exploits1References2

NVD•added 2026/05/15 4:16 p.m.•7 views

CVE-2026-45803

gh is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerabilit...

3.5CVSS0.002EPSS

Exploits1References1

OSV•added 2026/05/15 4:16 p.m.•3 views

DEBIAN-CVE-2026-45803

3.5CVSS6AI score0.002EPSS

Exploits1References1

NVD•added 2026/05/15 4:16 p.m.•18 views

CVE-2026-35194

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

8.1CVSS0.00381EPSS

Exploits0References2

UbuntuCve•added 2026/05/15 4:16 p.m.•7 views

CVE-2026-45803

3.5CVSS6AI score0.002EPSS

Exploits1References2

OSV•added 2026/05/15 4:16 p.m.•2 views

UBUNTU-CVE-2026-45803

3.5CVSS6AI score0.002EPSS

Exploits1References3

Vulnrichment•added 2026/05/15 4:0 p.m.•6 views

CVE-2026-44641 Microsoft APM: plugin.json component paths escape plugin root and copy arbitrary host files during install

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but...

7.1CVSS5.9AI score0.00351EPSS

Exploits0References1

CVE•added 2026/05/15 4:0 p.m.•12 views

CVE-2026-44641

CVE-2026-44641 affects Microsoft APM. Before version 0.8.12, the plugin-loading flow copies components listed in plugin.json into the .apm/ directory and does not validate that manifest paths (agents, skills, commands, hooks) stay inside the plugin root. An attacker can supply absolute or ../ tra...

7.1CVSS5.9AI score0.00351EPSS

Exploits0References1