CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/05/02 12:0 a.m.•10 views

SUSE SLED15 / SLES15 Security Update : python-Pygments (SUSE-SU-2026:1667-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1667-1 advisory. - CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS bsc1260796. Tenab...

4.8CVSS5.8AI score0.00156EPSS

Tenable Nessus•added 2026/05/02 12:0 a.m.•2 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Pygments (SUSE-SU-2026:1666-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1666-1 advisory. - CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS...

4.8CVSS5.8AI score0.00156EPSS

SUSE Linux•added 2026/04/30 5:22 p.m.•2 views

Security update for python-Pygments

This update for python-Pygments fixes the following issues: CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS bsc1260796. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypp...

3.3CVSS5.8AI score0.00156EPSS

SUSE Linux•added 2026/04/30 5:22 p.m.•3 views

Security update for python-Pygments

3.3CVSS5.8AI score0.00156EPSS

Tenable Nessus•added 2026/04/21 12:0 a.m.•5 views

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007029)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007029 advisory. In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfsdcompare Observed on kernel 6.6 present on master as...

7.1CVSS5.6AI score0.00152EPSS

RedhatCVE•added 2026/04/20 7:22 p.m.•7 views

CVE-2026-40306

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

NVD•added 2026/04/17 10:16 p.m.•5 views

CVE-2026-40306

6.9CVSS0.00175EPSS

Vulnrichment•added 2026/04/17 9:9 p.m.•2 views

CVE-2026-40306 DNN has same HostGUID for all new installs

ATTACKERKB•added 2026/04/17 9:9 p.m.•2 views

CVE-2026-40306

Exploits0References3Affected Software1

Cvelist•added 2026/04/17 9:9 p.m.•17 views

CVE-2026-40306 DNN has same HostGUID for all new installs

6.9CVSS0.00175EPSS

Snyk•added 2026/04/10 9:7 p.m.•3 views

Generation of Predictable Numbers or Identifiers

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers in the form of generation of identical HostGUID values during installation. An...

Positive Technologies•added 2026/04/10 12:0 a.m.•4 views

PT-2026-32982

OSV•added 2026/03/22 6:30 a.m.•3 views

Exploits0References6

GHSA-5239-WWWM-4PMQ Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching

A security flaw has been discovered in pygments before 2.20.0. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been release...

4.8CVSS5.4AI score0.00156EPSS

Exploits0References9

RedhatCVE•added 2026/02/20 1:27 p.m.•5 views

CVE-2025-15559

An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server API call to generate and download the WorkTime client from the WorkTime server is vulnerable in the “guid” parameter. This allows an attacker to execute arbitrary commands on t...

9.8CVSS6.1AI score0.00441EPSS

OSV•added 2026/02/19 11:15 a.m.•6 views

CVE-2025-15559

9.8CVSS6AI score0.00441EPSS

Vulnrichment•added 2026/02/19 10:45 a.m.•4 views

CVE-2025-15559 Unauthenticated OS Command Injection in NesterSoft WorkTime

5.9AI score0.00441EPSS

CVE•added 2026/02/19 10:45 a.m.•15 views

CVE-2025-15559

Summary: CVE-2025-15559 affects NesterSoft WorkTime. An unauthenticated OS command injection in the server API endpoint used to generate/download the WorkTime client (parameter: “guid”) allows execution of arbitrary commands on the WorkTime server with NT AUTHORITY\SYSTEM privileges, potentially ...

9.8CVSS6.1AI score0.00441EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/02/19 12:0 a.m.•6 views

NesterSoft WorkTime 安全漏洞

NesterSoft WorkTime is a project tracking software developed by the Canadian company NesterSoft. NesterSoft WorkTime has a security vulnerability, which stems from an OS command injection vulnerability in the server API endpoint GUID parameter. This vulnerability could allow for the execution of...

9.8CVSS6AI score0.00441EPSS