CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfsdcompare Observed on kernel 6.6 present on master as well: BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0 Call trace: kasancheckrange+0xe8/0x190 asanloadN+0x1c/0x28 memcmp+0x98/0xd0...

7.1CVSS6.7AI score0.00022EPSS

Tenable Nessus•added 2026/05/02 12:0 a.m.•1 views

SUSE SLED15 / SLES15 Security Update : python-Pygments (SUSE-SU-2026:1667-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1667-1 advisory. - CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS bsc1260796. Tenab...

4.8CVSS5.8AI score0.00007EPSS

Tenable Nessus•added 2026/05/02 12:0 a.m.•0 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Pygments (SUSE-SU-2026:1666-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1666-1 advisory. - CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS...

4.8CVSS5.8AI score0.00007EPSS

SUSE Linux•added 2026/04/30 5:22 p.m.•1 views

Security update for python-Pygments

This update for python-Pygments fixes the following issues: CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS bsc1260796. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypp...

3.3CVSS5.8AI score0.00007EPSS

SUSE Linux•added 2026/04/30 5:22 p.m.•1 views

Security update for python-Pygments

3.3CVSS5.8AI score0.00007EPSS

Tenable Nessus•added 2026/04/21 12:0 a.m.•1 views

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007029)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007029 advisory. In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfsdcompare Observed on kernel 6.6 present on master as...

7.1CVSS5.6AI score0.00022EPSS

RedhatCVE•added 2026/04/20 7:22 p.m.•2 views

CVE-2026-40306

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

NVD•added 2026/04/17 10:16 p.m.•1 views

CVE-2026-40306

6.9CVSS0.00041EPSS

ATTACKERKB•added 2026/04/17 9:9 p.m.•1 views

CVE-2026-40306

Exploits0References3Affected Software1

Cvelist•added 2026/04/17 9:9 p.m.•15 views

CVE-2026-40306 DNN has same HostGUID for all new installs

6.9CVSS0.00041EPSS

Vulnrichment•added 2026/04/17 9:9 p.m.•1 views

CVE-2026-40306 DNN has same HostGUID for all new installs

Snyk•added 2026/04/10 9:7 p.m.•1 views

Generation of Predictable Numbers or Identifiers

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers in the form of generation of identical HostGUID values during installation. An...

Positive Technologies•added 2026/04/10 12:0 a.m.•1 views

PT-2026-32982

OSV•added 2026/03/22 6:30 a.m.•1 views

Exploits0References6

GHSA-5239-WWWM-4PMQ Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching

A security flaw has been discovered in pygments before 2.20.0. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been release...

4.8CVSS5.4AI score0.00007EPSS

Exploits0References9

RedhatCVE•added 2026/02/20 1:27 p.m.•4 views

CVE-2025-15559

An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server API call to generate and download the WorkTime client from the WorkTime server is vulnerable in the “guid” parameter. This allows an attacker to execute arbitrary commands on t...

9.8CVSS6.1AI score0.00234EPSS

OSV•added 2026/02/19 11:15 a.m.•1 views

CVE-2025-15559

9.8CVSS6AI score

Vulnrichment•added 2026/02/19 10:45 a.m.•3 views

CVE-2025-15559 Unauthenticated OS Command Injection in NesterSoft WorkTime

5.9AI score0.00234EPSS

CVE•added 2026/02/19 10:45 a.m.•7 views

CVE-2025-15559

The CVE describes an unauthenticated OS command injection in NesterSoft WorkTime, exploitable via the server API endpoint used to generate/download the WorkTime client, specifically in the risk-prone “guid” parameter. The underlying issue allows arbitrary commands to run on the WorkTime server wi...

9.8CVSS6.1AI score0.00234EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/02/19 12:0 a.m.•3 views

PT-2026-20798

6.1AI score0.00234EPSS