CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16840 matches found

Tenable Nessus•added 2026/03/09 12:0 a.m.•2 views

RHEL 8 : thunderbird (RHSA-2026:3980)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3980 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox:...

10CVSS6.1AI score0.00622EPSS

Exploits0References78

Tenable Nessus•added 2026/03/09 12:0 a.m.•4 views

RHEL 8 : thunderbird (RHSA-2026:3979)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3979 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox:...

10CVSS6.1AI score0.00622EPSS

Exploits0References78

Tenable Nessus•added 2026/03/09 12:0 a.m.•3 views

RHEL 9 : thunderbird (RHSA-2026:3982)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3982 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox:...

10CVSS6.1AI score0.00622EPSS

Exploits0References78

Snyk•added 2026/03/07 6:44 p.m.•3 views

Cross-site Scripting (XSS)

Overview league/commonmark is a PHP-based Markdown parser which supports the full CommonMark spec. It is based on the CommonMark JS reference implementation. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the DisallowedRawHtml extension when a newline, tab, or...

6.1CVSS5.7AI score0.00217EPSS

Exploits0References2

OSV•added 2026/03/07 4:15 p.m.•3 views

DEBIAN-CVE-2026-29786

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Th...

6.3CVSS5.8AI score0.00276EPSS

Exploits2References1

UbuntuCve•added 2026/03/07 4:15 p.m.•2 views

CVE-2026-29786

8.2CVSS5.7AI score0.00276EPSS

Exploits2References3

OSV•added 2026/03/07 4:15 p.m.•3 views

UBUNTU-CVE-2026-29786

8.2CVSS5.8AI score0.00276EPSS

Exploits2References4

OSV•added 2026/03/07 5:49 a.m.•2 views

CVE-2026-30830 Defuddle: XSS via unescaped string interpolation in _findContentBySchemaText image tag

Defuddle cleans up HTML pages. Prior to version 0.9.0, the findContentBySchemaText method in src/defuddle.ts interpolates image src and alt attributes directly into an HTML string without escaping. An attacker can use a " in the alt attribute to break out of the attribute context and inject event...

5.3CVSS5.7AI score0.00252EPSS

Exploits1References4

OSV•added 2026/03/07 2:31 a.m.•4 views

GHSA-6F6W-6J58-RQ76 Withdrawn Advisory: Shescape has possible misidentification of shell due to link chains

Withdrawn Advisory This advisory has been withdrawn because it falls outside the https://github.com/ericcornelissen/shescape/blob/a2544a1c78cae19d0e81a485b997bf0b0fcc2c12/SECURITY.mdthreat-model. This link is maintained to preserve external references. Original Description Impact This impacts use...

6.3CVSS5.7AI score0.00052EPSS

Exploits0References7

OSV•added 2026/03/07 2:30 a.m.•1 views

GHSA-H343-GG57-2Q67 OneUpTime's Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE

Summary OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By leveraging a standard prototype-chain escape this.constructor.constructor, an...

9.9CVSS6.2AI score0.00387EPSS

Exploits1References3

EUVD•added 2026/03/07 12:30 a.m.•5 views

EUVD-2026-10087

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...

5.9AI score0.00201EPSS

Exploits0References5

EUVD•added 2026/03/07 12:30 a.m.•5 views

EUVD-2026-10088

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

5.7AI score0.00328EPSS

Exploits0References5

SUSE CVE•added 2026/03/07 12:25 a.m.•3 views

SUSE CVE-2026-27142

5.4CVSS5.7AI score0.00328EPSS

Exploits0References13

Positive Technologies•added 2026/03/07 12:0 a.m.•5 views

PT-2026-24091

Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 10.0.18 Description OneUptime allows project members to execute custom Playwright/JavaScript code via Synthetic Monitors. This code is executed within the Node.js vm module, which is not a secure sandbox. An attacke...

9.9CVSS6AI score0.00387EPSS

Exploits1References11

Tenable Nessus•added 2026/03/07 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-27139

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root ...

2.5CVSS7.7AI score0.00201EPSS

Exploits0References4