CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1344 matches found

CVE-2026-42791

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkeyocsp:verifyresponse/5 and pubkeyocsp:isauthorizedresponder/3 in...

6.3CVSS5.5AI score0.00051EPSS

Exploits0References1

RedhatCVE•added yesterday•4 views

CVE-2026-7282

A vulnerability was identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function deleteexpired of the file /ajax.php?action=deleteexpired. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is...

5.8CVSS5.5AI score0.00039EPSS

Exploits0References1

RedhatCVE•added yesterday•4 views

CVE-2026-7283

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function saveexpired of the file /ajax.php?action=saveexpired. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit ha...

5.8CVSS5.4AI score0.00039EPSS

Exploits0References1

CVE•added 4 days ago•6 views

CVE-2026-41577

CVE-2026-41577 affects the open‑source identity provider authentik. The SAML source response processor (ResponseProcessor.parse()) does not validate the Conditions element on assertions prior to versions 2025.12.5 and 2026.2.3. Specifically, NotBefore, NotOnOrAfter, and AudienceRestriction are ig...

7.5CVSS5.7AI score0.00005EPSS

Exploits0References1Affected Software1

Vulnrichment•added 4 days ago•3 views

CVE-2026-41577 authentik: SAML source does not validate Conditions, timing, or audience on assertions

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor ResponseProcessor.parse does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expir...

6.9CVSS5.7AI score0.00005EPSS

Exploits0References1

UbuntuCve•added 2026/05/29 12:0 a.m.•4 views

CVE-2026-42791

6.3CVSS5.8AI score0.00051EPSS

Exploits0References9

Tenable Nessus•added 2026/05/29 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-42791

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificat...

6.3CVSS5.8AI score0.00051EPSS

Exploits0References3

NVD•added 2026/05/28 9:16 a.m.•5 views

CVE-2024-47096

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the showSupportExpiredMessage parameter of handleloginform.do...

5.1CVSS0.00217EPSS

Exploits0References1

Vulnrichment•added 2026/05/28 8:25 a.m.•5 views

CVE-2024-47096 Reflected Cross-Site Scripting in Follet School Solutions Destiny

5.1CVSS6AI score0.00217EPSS

Exploits0References1

CVE•added 2026/05/28 8:25 a.m.•9 views

CVE-2024-47096

CVE-2024-47096 is a reflected cross-site scripting vulnerability in Follet School Solutions Destiny prior to v22.0.1 AU1. The issue allows a remote attacker to execute arbitrary client-side code via the showSupportExpiredMessage parameter of handleloginform.do. According to the NVD entry, the CVS...

5.1CVSS6AI score0.00217EPSS

Exploits0References1

SUSE CVE•added 2026/05/28 3:58 a.m.•10 views

SUSE CVE-2026-42791

6.3CVSS5.8AI score0.00051EPSS

Exploits0References3

CNNVD•added 2026/05/28 12:0 a.m.•6 views

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana. This vulnerability stems from issues with operations after resources expire or terminate. As a result, time-limited access tokens can still be used beyon...

5.3CVSS5.8AI score0.00068EPSS

Exploits0References2

OSV•added 2026/05/27 2:16 p.m.•7 views

DEBIAN-CVE-2026-42791

3.7CVSS5.8AI score0.00051EPSS

Exploits0References1

NVD•added 2026/05/27 2:16 p.m.•9 views

CVE-2026-42791

6.3CVSS0.00051EPSS

Exploits0References6

OSV•added 2026/05/27 2:16 p.m.•4 views

UBUNTU-CVE-2026-42791

6.3CVSS5.8AI score0.00051EPSS

Exploits0References10

Debian CVE•added 2026/05/27 12:23 p.m.•6 views

CVE-2026-42791

6.3CVSS5.8AI score0.00051EPSS

Exploits0

Cvelist•added 2026/05/27 12:23 p.m.•31 views

CVE-2026-42791 OCSP responder certificate validity period not checked in public_key

6.3CVSS0.00051EPSS

Exploits0References6

OSV•added 2026/05/27 12:23 p.m.•4 views

EEF-CVE-2026-42791 OCSP responder certificate validity period not checked in public_key

Summary Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkeyocsp:verifyresponse/5 and pubkeyocsp:isauthorizedresponder/3 in...

6.3CVSS5.9AI score0.00051EPSS

Exploits0References5