CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

589343 matches found

ATTACKERKB•added 2026/06/01 7:48 a.m.•15 views

CVE-2026-45360

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserializereference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

6AI score0.00572EPSS

Exploits0References3

EUVD•added 2026/06/01 7:45 a.m.•9 views

EUVD-2026-33583

A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution...

9.8CVSS6.2AI score0.00452EPSS

Exploits0References1

Vulnrichment•added 2026/06/01 7:45 a.m.•10 views

CVE-2026-7858 Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x

9.8CVSS6.2AI score0.00452EPSS

Exploits0References1

Cvelist•added 2026/06/01 7:45 a.m.•32 views

9.8CVSS0.00452EPSS

Exploits0References1

CVE•added 2026/06/01 7:45 a.m.•25 views

CVE-2026-7858

CVE-2026-7858 involves a Deserialization of Untrusted Data flaw affecting Teamwork Cloud (No Magic Release 2022x–2026x) and Magic Collaboration Studio (CATIA Magic Release 2022x–2026x). The root cause is deserialization of untrusted data enabling unauthenticated remote code execution. The entry h...

9.8CVSS6.2AI score0.00452EPSS

Exploits0References1

GithubExploit•added 2026/06/01 7:43 a.m.•89 views

Exploit for Deserialization of Untrusted Data in Microsoft

Security Deserialization CVE-2026-45659 Overview A HIGH...

8.8CVSS6.1AI score0.01693EPSS

Exploits3

Cvelist•added 2026/06/01 7:34 a.m.•32 views

CVE-2026-49298 Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments

A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to the cluster e.g...

0.00488EPSS

Exploits0References2

EUVD•added 2026/06/01 7:34 a.m.•11 views

EUVD-2026-33580

8.7CVSS5.8AI score0.00488EPSS

Exploits0References2

ATTACKERKB•added 2026/06/01 7:34 a.m.•7 views

CVE-2026-49298

8.7CVSS5.8AI score0.00488EPSS

Exploits0References3

CVE•added 2026/06/01 7:34 a.m.•26 views

CVE-2026-49298

Summary: CVE-2026-49298 affects Apache Airflow when using the KubernetesExecutor. JWT tokens used by worker pods to authenticate to the Execution API are exposed as command-line arguments in the pod spec, enabling a user with Kubernetes read-only access (pods/get) to harvest a token and perform s...

8.8CVSS5.8AI score0.00488EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/06/01 7:34 a.m.•8 views

CVE-2026-49298 Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments

5.8AI score0.00488EPSS

Exploits0References2

ATTACKERKB•added 2026/06/01 7:23 a.m.•9 views

CVE-2026-42588

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

6.4AI score0.00404EPSS

Exploits1References2Affected Software3

Vulnrichment•added 2026/06/01 7:23 a.m.•10 views

CVE-2026-42588 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector

6.4AI score0.00404EPSS

Exploits1References1

Cvelist•added 2026/06/01 7:23 a.m.•36 views

CVE-2026-42588 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector

0.00404EPSS

Exploits1References1

CVE•added 2026/06/01 7:23 a.m.•97 views

CVE-2026-42588

Apache ActiveMQ (Broker, All, and ActiveMQ) is affected by CVE-2026-42588 via the Jolokia JMX-HTTP bridge exposed on the web console (/api/jolokia/). The vulnerability arises when an authenticated attacker uses a crafted discovery URI to trigger the VM transport’s brokerConfig parameter with a ma...

8.1CVSS6.4AI score0.00404EPSS

Exploits1References2Affected Software2

EUVD•added 2026/06/01 7:23 a.m.•54 views

EUVD-2026-33577

8.1CVSS6.4AI score0.00404EPSS

Exploits1References1

CVE•added 2026/06/01 7:22 a.m.•40 views

CVE-2026-45505

CVE-2026-45505 details a Code Injection vulnerability in Apache ActiveMQ components (Broker/All/ActiveMQ) where non-standard Jolokia discovery wrappers (e.g., masterslave:vm://, static:vm://) bypass the fix for CVE-2026-34197. An authenticated attacker could abuse Jolokia’s JMX-HTTP bridge at /ap...

8.8CVSS6.4AI score0.00527EPSS

Exploits0References2Affected Software2

Vulnrichment•added 2026/06/01 7:22 a.m.•12 views

CVE-2026-45505 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

6.4AI score0.00527EPSS

Exploits0References2

ATTACKERKB•added 2026/06/01 7:22 a.m.•13 views

CVE-2026-45505

8.8CVSS7.2AI score0.87048EPSS

Exploits12References3Affected Software3

EUVD•added 2026/06/01 7:22 a.m.•17 views

EUVD-2026-33576

8.8CVSS7.2AI score0.87048EPSS

Exploits12References2

Rows per page