CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Github Security Blog•added yesterday•3 views

backpack/crud is vulnerable to Cross-Site Scripting (XSS)

Impact It’s a “moderate” vulnerability… but being an admin panel, take this seriously. It’s difficult… but an attacker could conduct a targeted phishing campaign, in order to trick your users or admins to click a malicious link, which under very specific circumstances could give them information...

5.1CVSS5.7AI score

Exploits0References4Affected Software1

CVE-2026-43924

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be configured as redirect...

4.8CVSS

CVE-2026-10766

A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...

3.6CVSS

CVE•added yesterday•4 views

CVE-2026-10766

The vulnerability CVE-2026-10766 affects mlrun up to 1.12.0-rc3, specifically the function mlrun.utils.helpers.calculate_dataframe_hash in DataFrame Hash Handler. The issue arises from a manipulation that leads to the use of a weak hash. Exploitation is possible only from a local environment, wit...

3.6CVSS4.7AI score

EUVD•added yesterday•4 views

EUVD-2026-34177

3.6CVSS4.7AI score

NVD•added yesterday•4 views

CVE-2026-46268

In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Fix p2pmemallocmmap warning condition Commit b7e282378773 has already changed the initial page refcount of p2pdma page from one to zero, however, in p2pmemallocmmap it uses "VMWARNONONCEPAGE!pagerefcountpage" to asser...

Exploits0References3

CVE-2026-46258

In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Avoid NULL dereference in linehandlecreate In linehandlecreate, there is a statement like this: retainandnullptrlh; Soon after, there is a debug printout that dereferences "lh", which will crash things. Avoid the cras...

CVE-2026-46251

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix blockgrouptree dirtylist corruption When the incompat flag EXTENTTREEV2 is set, we unconditionally add the block group tree to the switchcommits list before calling switchcommitroots, as we do for the tree root and the...

Exploits0References6

CVE-2026-46252

In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulatorresolvesupply error path If late enabling of a supply regulator fails in regulatorresolvesupply, the code currently triggers a lockdep warning: WARNING: drivers/regulator/core.c:2649 at...

NVD•added yesterday•4 views

CVE-2026-46247

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gfx3d: add parent to parent request map After commit d228ece36345 "clk: divider: remove roundrate in favor of determinerate" determining GFX3D clock rate crashes, because the passed parent map doesn't provide the...

Exploits0References6

EUVD•added yesterday•2 views

EUVD-2026-34135

A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed. This vulnerability...

6.1CVSS6AI score

Exploits0References1

ATTACKERKB•added yesterday•2 views

CVE-2026-20233

6.1CVSS6AI score

Exploits0References2Affected Software1

RedhatCVE•added yesterday•1 views

CVE-2026-45680

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the...

7.5CVSS5.7AI score0.0004EPSS

Exploits1References1

ATTACKERKB•added yesterday•1 views

CVE-2026-46269

In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree When probing the k230 pinctrl driver, the kernel triggers a NULL pointer dereference. The crash trace showed: 0.732084 Unable to handle kernel NULL point...

5.7AI score

Exploits0References4Affected Software1

Cvelist•added yesterday•4 views

CVE-2026-46262 ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put()

In the Linux kernel, the following vulnerability has been resolved: ASoC: fslxcvr: Revert fix missing lock in fslxcvrmodeput This reverts commit f51424872760 "ASoC: fslxcvr: fix missing lock in fslxcvrmodeput". The original patch attempted to acquire the card-controlsrwsem lock in fslxcvrmodeput...

Debian CVE•added yesterday•1 views

CVE-2026-46260

In the Linux kernel, the following vulnerability has been resolved: i...

5.7AI score

Exploits0

EUVD•added yesterday•3 views

EUVD-2026-34118

In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfswritepages LOCALIO is an NFS loopback mount optimization that avoids using the network for READ, WRITE and COMMIT if the NFS client and server are determined to be on...

5.8AI score

Exploits0References3

CVE•added yesterday•2 views

CVE-2026-46252

The CVE-2026-46252 entry documents a Linux kernel regulator core issue: in regulator_resolve_supply(), late enabling a supply regulator could trigger a lockdep warning when _regulator_put() is called without holding regulator_list_mutex. The fix switches to using regulator_put() and adds proper l...

5.8AI score