CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

905 matches found

Github Security Blog•added 5 hours ago•3 views

Element Call reports full URLs of visited pages to analytics server

Impact Element Call versions 0.5.17 through 0.19.3 report analytics data to a PostHog server, when configured to by a posthog key in config.json or by the posthogApiHost and posthogApiKey URL parameters. Several fields of this data $initialpersoninfo, $sessionentryurl, and $currenturl were found ...

5.5AI score

Exploits0References3Affected Software1

Nuclei•added 15 hours ago•30 views

Solara <1.35.1 - Local File Inclusion

A Local File Inclusion LFI vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. ...

8.6CVSS7.9AI score0.53034EPSS

Exploits0References3

Tenable Nessus•added yesterday•3 views

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-2276)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : xfrm: esp: avoid in-place decrypt on shared skb fragsCVE-2026-43284 crypto: algifaead - Revert to operating out-of-placeCVE-2026-31431 Tenable has...

8.8CVSS7.6AI score0.26337EPSS

Exploits252References3

Tenable Nessus•added yesterday•4 views

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-2275)

8.8CVSS7.6AI score0.26337EPSS

Exploits252References3

Cvelist•added 2 days ago•25 views

CVE-2026-46323 net: gro: don't merge zcopy skbs

In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...

0.00018EPSS

Exploits0References5

Veracode•added 2 days ago•6 views

Denial Of Service (DoS)

Netty is vulnerable to Denial of Service DoS. The vulnerability is due to unbounded accumulation of incomplete SCTP message fragments in nested CompositeByteBuf structures without limits on fragment count, size, or stream identifiers, which allows an attacker to exhaust memory and processing...

5.5AI score

Exploits0

Github Security Blog•added 3 days ago•7 views

Netty: SCTP reassembly nests buffers without bound

For each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping the previous accumulator and the new slice into a new CompositeByteBuf every time. After N fragments the accumulator is an N-deep chain of composites, each holding...

5.7AI score

Exploits0References4Affected Software1

Tenable Nessus•added 3 days ago•7 views

TencentOS Server 4: gnutls (TSSA-2026:0305)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0305 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5CVSS6AI score0.00089EPSS

Exploits0References2

Positive Technologies•added 3 days ago•8 views

PT-2026-47611

7.5CVSS5.7AI score

Exploits0References5

OSV•added last week•4 views

USN-8391-1 linux-raspi, linux-raspi-5.4 vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 It was discovered that the Linux kernel did n...

9.8CVSS6.2AI score0.40266EPSS

Exploits256References14

Ubuntu•added last week•9 views

USN-8390-1: Linux kernel vulnerability

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...

8.8CVSS6.1AI score0.26337EPSS

Exploits29

OSV•added last week•7 views

USN-8390-1 linux, linux-azure, linux-azure-4.15, linux-azure-fips, linux-fips, linux-gcp-4.15, linux-gcp-fips, linux-kvm, linux-oracle vulnerability

8.8CVSS6.2AI score0.26337EPSS

Exploits29References2

Ubuntu•added last week•7 views

USN-8389-1: Linux kernel vulnerabilities

8.8CVSS6AI score0.40266EPSS

Exploits33

Ubuntu•added last week•9 views

USN-8388-1: Linux kernel vulnerabilities

8.8CVSS6.1AI score0.40266EPSS

Exploits43

NVD•added 2026/06/04 3:16 p.m.•8 views

CVE-2026-47706

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth...

5.3CVSS0.00051EPSS

Exploits1References2

Ubuntu•added 2026/06/02 5:12 p.m.•14 views

USN-8373-1: Linux kernel vulnerabilities

8.8CVSS6.5AI score0.40266EPSS

Exploits43

Ubuntu•added 2026/06/02 1:52 p.m.•12 views

USN-8370-1: Linux kernel vulnerabilities

8.8CVSS6.3AI score0.40266EPSS

Exploits43

RedhatCVE•added 2026/05/27 8:13 p.m.•10 views

CVE-2026-44451

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals fetch, window, eval, etc. with undefined. A static source validator...

9.3CVSS5.7AI score0.00043EPSS

Exploits0References1

NVD•added 2026/05/26 9:16 p.m.•14 views

CVE-2026-44451

9.3CVSS0.00043EPSS

Exploits0References1