CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/28 10:16 a.m.•4 views

UBUNTU-CVE-2026-46169

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value by validating catalog record size Syzbot reported a KMSAN uninit-value issue in hfsplusstrcasecmp. The root cause is that hfsbrecread doesn't validate that the on-disk record size matches the expected si...

5.8AI score0.00024EPSS

Exploits0References8

OSV•added 2026/05/28 8:16 a.m.•3 views

DEBIAN-CVE-2026-44604

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

OSV•added 2026/05/28 8:16 a.m.•6 views

UBUNTU-CVE-2026-44604

RedhatCVE•added 2026/05/28 5:59 a.m.•6 views

Exploits0References4

CVE-2026-44604

Debian CVE•added 2026/05/28 5:59 a.m.•6 views

Exploits0References3

CVE-2026-44604

CVE•added 2026/05/28 5:59 a.m.•12 views

Exploits0

CVE-2026-44604

CVE-2026-44604 affects the RPM rpmuncompress utility. The vulnerability arises when extracting ZIP, 7z, or GEM archives to a destination directory: the archive’s top-level folder name is inserted into a shell command without proper sanitization, allowing a crafted archive with shell metacharacter...

Cvelist•added 2026/05/28 5:59 a.m.•27 views

CVE-2026-44604 Rpm: command injection in rpmuncompress dountar() via unescaped archive top-level directory name in popen() shell command

7CVSS0.00023EPSS

ATTACKERKB•added 2026/05/28 5:59 a.m.•7 views

CVE-2026-44604

Positive Technologies•added 2026/05/28 12:0 a.m.•6 views

Exploits0References3

PT-2026-44197

CNNVD•added 2026/05/28 12:0 a.m.•6 views

Exploits0References3

rpm 操作系统命令注入漏洞

rpm is a powerful command-line-driven package management tool from the rpm organization. It is used for installing, uninstalling, verifying, querying, and updating software packages on Linux systems. rpm has a vulnerability related to operating system command injection. This vulnerability arises...

7CVSS6.1AI score0.00023EPSS

CVE•added 2026/05/27 7:40 p.m.•9 views

CVE-2026-8363

CVE-2026-8363: A stack-based buffer overflow in WOSDeviceDropFolder.dll occurs when processing a long URL path starting with /resources. Documented under Gladinet Triofox; affected component is WOSDeviceDropFolder.dll. CVSS v3.1 shows a critical base score of 9.8 (Network, No user interaction, pr...

9.8CVSS6.1AI score0.00056EPSS

Veracode•added 2026/05/23 5:59 a.m.•6 views

Path Traversal

Open WebUI is vulnerable to Path Traversal. The vulnerability is due to improper validation and sanitization of uploaded file names derived from HTTP upload requests, which allows an attacker to upload files with crafted dot-segments and traverse outside the intended uploads directory, potentiall...

9.8CVSS5.8AI score0.00079EPSS

Exploits1References1Affected Software1

EUVD•added 2026/05/22 12:31 a.m.•5 views

EUVD-2026-31368

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file removeFavoriteFolder$id. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

NVD•added 2026/05/21 10:16 p.m.•6 views

CVE-2026-8416

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file addFavoriteFolder$id. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

8.8CVSS0.00019EPSS

ATTACKERKB•added 2026/05/21 9:28 p.m.•2 views

CVE-2026-8416

Exploits0References2Affected Software1

CVE•added 2026/05/21 9:28 p.m.•7 views

CVE-2026-8416

Concrete CMS versions 9.0.0 through 9.4.x are vulnerable to Cross Site Request Forgery (CSRF) in the concrete/controllers/backend/file addFavoriteFolder($id) function. The issue stems from CSRF protection gaps in that endpoint. Public disclosures in multiple sources (including PT-2026-42572) conf...

8.8CVSS5.8AI score0.00019EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/05/21 9:28 p.m.•22 views

CVE-2026-8416 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addFavoriteFolder($id)

2.3CVSS0.00019EPSS

Vulnrichment•added 2026/05/21 9:28 p.m.•2 views

CVE-2026-8416 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addFavoriteFolder($id)

Vulnrichment•added 2026/05/21 9:27 p.m.•3 views

CVE-2026-8427 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder($id)