CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

889 matches found

CVE-2026-41322

@astrojs/node allows Astro to deploy your SSR site to Node targets. Prior to 10.0.5, requesting a static js/css resources from astro path with an incorrect/malformed if-match header returns a 500 error with a one year cache lifetime instead of 412 in some cases. This has the effect that all...

5.3CVSS5.3AI score0.00056EPSS

Exploits0References1

RedhatCVE•added 2 days ago•5 views

CVE-2026-35462

Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are never validated against the current time during authentication. Any API key — regardless of its expiration date — is accepted indefinitely, allowing a user whose key has expire...

4.3CVSS5.5AI score0.00041EPSS

Exploits1References1

RedhatCVE•added 2 days ago•5 views

CVE-2026-6967

Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cach...

7.1CVSS5.5AI score0.00024EPSS

Exploits0References1

RedhatCVE•added 2 days ago•7 views

CVE-2026-33359

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

7.5CVSS5.5AI score0.00074EPSS

Exploits0References1

RedhatCVE•added 2 days ago•4 views

CVE-2026-8670

Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs aka Session Replay. This issue affects Avantra: before 25.3.1...

9.6CVSS5.5AI score0.00046EPSS

Exploits0References1

NVD•added 3 days ago•8 views

CVE-2026-43926

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

6.3CVSS0.00041EPSS

Exploits0References2

ATTACKERKB•added 3 days ago•4 views

CVE-2026-43926

6.3CVSS5.8AI score0.00041EPSS

Exploits0References3Affected Software1

Tenable Nessus•added 3 days ago•6 views

Kibana 8.x < 8.19.16 / 9.0.x < 9.3.5 Multiple Vulnerabilities (ESA-2026-30 / ESA-2026-33 / ESA-2026-34 / ESA-2026-36)

The version of Kibana installed on the remote host is prior to 8.19.16 or 9.3.5. It is, therefore, affected by multiple vulnerabilities as referenced in the ESA-2026-30, ESA-2026-33, ESA-2026-34, and ESA-2026-36 advisories. - A path traversal vulnerability was identified in Kibana's dashboard...

7.3CVSS5.5AI score0.00068EPSS

Exploits0References8

Positive Technologies•added 3 days ago•11 views

PT-2026-46229

6.3CVSS5.8AI score0.00041EPSS

Exploits0References3

Veeam•added 5 days ago•11 views

Failed to install Veeam Analytics Service. Failed to establish connection between the Veeam ONE server and Veeam Analytics service. Operation timed out: 10

Challenge After upgrading Veeam ONE to version 13.0.x, the Veeam Analytics Service installation fails with the following error: Failed to install Veeam Analytics Service. Failed to establish connection between the Veeam ONE server and Veeam Analytics service. Operation timed out: 10. The failure...

5.7AI score

Exploits0Affected Software1

RedhatCVE•added 2026/05/29 8:13 p.m.•5 views

CVE-2026-33463

Operation on a Resource after Expiration or Termination CWE-672 in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticate...

5.3CVSS5.8AI score0.00068EPSS

Exploits0References1

Tenable Nessus•added 2026/05/29 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-44394

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to...

8.1CVSS5.8AI score0.00561EPSS

Exploits2References3

CNNVD•added 2026/05/29 12:0 a.m.•7 views

SillyTavern 安全漏洞

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of cookie-session for authentication. The password update endpoint only updated the password...

7.5CVSS5.8AI score0.00017EPSS

Exploits1References1

NVD•added 2026/05/28 7:16 p.m.•7 views

CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

8.1CVSS0.00052EPSS

Exploits1References2

OSV•added 2026/05/28 7:16 p.m.•6 views

UBUNTU-CVE-2026-44394

8.1CVSS5.8AI score0.00052EPSS

Exploits1References4

Vulnrichment•added 2026/05/28 12:0 a.m.•7 views

CVE-2026-44394

6CVSS5.8AI score0.00052EPSS

Exploits1References2

CNNVD•added 2026/05/28 12:0 a.m.•7 views

OpenStack Keystone 安全漏洞

OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Versions of OpenStack Keystone prior to 29.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the joint token revalidation mechanism, which did not propagate the expiration...

8.1CVSS5.8AI score0.00052EPSS

Exploits1References2