Lucene search

367 matches found

OSV
added 2026/06/11 5:10 p.m., 3 views

GHSA-4MJ9-PF4R-CQRC Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset

Summary: Several Kolibri API endpoints accept an unvalidated baseurl parameter and fetch attacker-controlled URLs from the Kolibri server, reflecting the response body back to the caller. The original report identified two endpoints on the RemoteFacilityUser viewsets; remediation review found two...

CVSS 5.8, AI score 5.8, EPSS 0.00047
Exploits 0, References 3

Github Security Blog
added 2026/06/11 5:10 p.m., 9 views

Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset

Summary: Several Kolibri API endpoints accept an unvalidated baseurl parameter and fetch attacker-controlled URLs from the Kolibri server, reflecting the response body back to the caller. The original report identified two endpoints on the RemoteFacilityUser viewsets; remediation review found two...

AI score 5.8, EPSS 0.00047
Exploits 0, References 3, Affected Software 1

IBM Security Bulletins
added 2026/05/22 1:5 p.m., 8 views

Security Bulletin: z/Transaction Processing Facility is affected by a vulnerability in the cryptography package (CVE-2026-39892)

Summary: The cryptography package is used by the z/TPF system as part of runtime metrics collection (RTMC). Vulnerability Details: CVEID: CVE-2026-39892. DESCRIPTION: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if...

CVSS 9.8, AI score 5.9, EPSS 0.00525
Exploits 0, Affected Software 1

Packet Storm News
added 2026/05/08 12:0 a.m., 9 views

SL5 Standard for AI Security

Security Level 5 (SL5) is a security posture for AI systems that could plausibly thwart top-priority operations by the world's most cyber-capable institutions: those with extensive resources, state-level infrastructure, and expertise years ahead of the public state of the art. The SL5 terminology...

AI score 5.8
Exploits 0

IBM Security Bulletins
added 2026/04/13 2:11 p.m., 1 view

Security Bulletin: z/Transaction Processing Facility is affected by a vulnerability in the cryptography package (CVE-2026-34073)

Summary: The cryptography package is used by the z/TPF system as part of runtime metrics collection (RTMC). Vulnerability Details: CVEID: CVE-2026-34073. DESCRIPTION: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS nam...

CVSS 6.3, AI score 5.7, EPSS 0.00154
Exploits 0, Affected Software 1

Wired Threat Level
added 2026/04/03 9:0 a.m., 1 view

CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards

The Quizlet flashcards, which WIRED found through basic Google searches, seem to include sensitive information about gate security at Customs and Border Protection locations...

AI score 5.9
Exploits 0

IBM Security Bulletins
added 2026/02/08 4:14 p.m., 9 views

Security Bulletin: A vulnerability in IBM Semeru Runtime affects z/Transaction Processing Facility

Summary: There is a vulnerability in IBM® Semeru Runtime Certified Edition 11 and IBM® Semeru Runtime Certified Edition 21 that are used by the z/TPF system. z/TPF has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2025-53057. DESCRIPTION: An unspecified vulnerability in Java SE...

CVSS 5.9, AI score 5.6, EPSS 0.00487
Exploits 0, Affected Software 1

ATTACKERKB
added 2026/01/13 3:29 p.m., 3 views

CVE-2025-68816

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fwtracer, Validate format string parameters Add validation for format string parameters in the firmware tracer to prevent potential security vulnerabilities and crashes from malformed format strings received from...

AI score 5.4, EPSS 0.00173
Exploits 0, References 8, Affected Software 1

NVD
added 2025/11/24 4:15 a.m., 2 views

CVE-2025-13589

FMS developed by Otsuka Information Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

CVSS 5.1, EPSS 0.00386
Exploits 0, References 2

Cvelist
added 2025/10/31 6:31 p.m., 7 views

CVE-2025-64348 ELOG configuration file authorization bypass

ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attackers could execute OS commands on the host machine. By default, ELOG is not configured to allow...

CVSS 9.3, EPSS 0.00268
Exploits 0, References 4

SUSE CVE
added 2025/10/29 1:53 a.m., 3 views

SUSE CVE-2023-53702

In the Linux kernel, the following vulnerability has been resolved: s390/crypto: use vector instructions only if available for ChaCha20 Commit 349d03ffd5f6 "crypto: s390 - add crypto library interface for ChaCha20" added a library interface to the s390 specific ChaCha20 implementation. However no...

AI score 6.2, EPSS 0.00193
Exploits 0, References 3

OSV
added 2025/10/22 2:15 p.m., 2 views

UBUNTU-CVE-2023-53702

In the Linux kernel, the following vulnerability has been resolved: s390/crypto: use vector instructions only if available for ChaCha20 Commit 349d03ffd5f6 "crypto: s390 - add crypto library interface for ChaCha20" added a library interface to the s390 specific ChaCha20 implementation. However no...

AI score 5.7, EPSS 0.00193
Exploits 0, References 6

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2021-16180

Malware in sbrugna...

CVSS 7.1, AI score 6.6, EPSS 0.00238
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2004-0318

Malware in sbrugna...

CVSS 10, AI score 6.4, EPSS 0.04243
Exploits 1, References 4

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-9071

Malware in sbrugna...

CVSS 5.5, AI score 5.3, EPSS 0.0037
Exploits 0, References 8

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2019-6117

Malware in sbrugna...

CVSS 4.4, AI score 6.5, EPSS 0.00451
Exploits 1, References 13

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2007-6327

Malware in sbrugna...

CVSS 7.8, AI score 6.4, EPSS 0.02354
Exploits 0, References 11

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2004-0317

Malware in sbrugna...

CVSS 10, AI score 6.4, EPSS 0.04741
Exploits 0, References 4

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2013-3685

Malware in sbrugna...

CVSS 4.3, AI score 6.3, EPSS 0.01843
Exploits 0, References 6

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2021-14407

Malware in sbrugna...

CVSS 8.8, AI score 8.6, EPSS 0.00816
Exploits 0, References 3