CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/26 10:53 p.m.•7 views

CVE-2026-8647

5.8AI score0.00036EPSS

Cvelist•added 2026/05/26 10:53 p.m.•27 views

CVE-2026-8647 Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available

0.00036EPSS

Exploits0References2

Cvelist•added 2026/05/26 9:29 p.m.•28 views

CVE-2026-42013 Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name

A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name SAN could cause the validation process to incorrectly fall back to checking the Common Name CN field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to...

8.2CVSS0.00052EPSS

Exploits0References5

Vulnrichment•added 2026/05/26 9:29 p.m.•5 views

CVE-2026-42013 Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name

EUVD•added 2026/05/26 9:29 p.m.•8 views

Exploits0References5

EUVD-2026-32011

RedhatCVE•added 2026/05/26 9:29 p.m.•11 views

CVE-2026-42013

ATTACKERKB•added 2026/05/26 9:29 p.m.•9 views

CVE-2026-42012

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

7.1CVSS5.8AI score0.00044EPSS

Exploits0References6

Cvelist•added 2026/05/26 8:0 p.m.•30 views

CVE-2026-44449 Lumiverse: SMB `exists()` basename injection via smbclient `!cmd` escape

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the primary toSmbPathfullPath call throws, the method falls back to a dirname/basename split and only validates the directory prefix. The basename is concatenated directly into the smbclient -c script without validation...

9.1CVSS0.00103EPSS

Exploits0References1

ATTACKERKB•added 2026/05/26 8:0 p.m.•5 views

CVE-2026-44449

9.1CVSS6AI score0.00103EPSS

Exploits0References2Affected Software1

RedHat Linux•added 2026/05/26 7:4 a.m.•8 views

gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name

RedHat Linux•added 2026/05/26 6:51 a.m.•7 views

gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name

RedHat Linux•added 2026/05/26 6:51 a.m.•6 views

gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs

7.1CVSS5.8AI score0.00044EPSS

Positive Technologies•added 2026/05/26 12:0 a.m.•8 views

PT-2026-43430

Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The random bytes function fell back to using the built-in rand function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or...

5.8AI score0.00036EPSS

Exploits0References5

OSSF Malicious Packages•added 2026/05/25 11:10 p.m.•11 views

Malicious code in bandkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2586b0e7114265fe8e85fee87db4b264f1dce9a574916b333af41870369e44a bandkit ships a React/Solidity 'strategy bot' library whose deployment helper hardcodes an XOR-obfuscated Ethereum address...

5.8AI score

OSV•added 2026/05/25 11:10 p.m.•2 views

MAL-2026-4496 Malicious code in bandkit (npm)

5.8AI score

SUSE CVE•added 2026/05/21 2:47 a.m.•7 views

SUSE CVE-2024-3219

The “socket” module provides a pure-Python fallback to the socket.socketpair function for platforms that don't support AFUNIX, such as Windows. This pure-Python implementation uses AFINET or AFINET6 to create a local connected pair of sockets. The connection between the two sockets was not verifi...

5.1CVSS7.3AI score0.00062EPSS