CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/15 5:5 p.m.•13 views

CVE-2026-42155

Summary of CVE-2026-42155 (Magento OpenMage LTS): The issue affects OpenMage/magento-lts OpenMage LTS releases via the legacy API session ID generation in Mage_Api_Model_Session::start(), where the session ID is md5(time() . uniqid('', true) . (possibly null sessionName)). This yields very low en...

9.3CVSS5.9AI score0.00055EPSS

Cvelist•added 2026/05/15 5:5 p.m.•36 views

CVE-2026-42155 Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based...

9.3CVSS0.00055EPSS

EUVD•added 2026/05/15 5:5 p.m.•5 views

EUVD-2026-30565

9.3CVSS5.9AI score0.00055EPSS

Vulnrichment•added 2026/05/15 5:5 p.m.•7 views

CVE-2026-42155 Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs

9.3CVSS5.9AI score0.00055EPSS

CVE•added 2026/05/15 4:51 p.m.•13 views

CVE-2026-44714

CVE-2026-44714 affects the bitcoinj Java library prior to 0.17.1. The issue lives in ScriptExecution.correctlySpends() and creates two fast-path verification bugs for P2PKH and native P2WPKH spends. In both paths, the code validates an attacker-controlled signature/public-key pair but does not ve...

7.5CVSS5.9AI score0.00011EPSS

Exploits0References3

ATTACKERKB•added 2026/05/15 4:51 p.m.•3 views

CVE-2026-44714

The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj...

7.5CVSS5.9AI score0.00011EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/15 4:51 p.m.•4 views

CVE-2026-44714 bitcoinj: ScriptExecution P2PKH/P2WPKH Verification Bypass

7.5CVSS5.9AI score0.00011EPSS

Exploits0References3

OSV•added 2026/05/15 4:31 p.m.•6 views

GHSA-27W2-87XV-37C6 nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT

Impact A malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record containing a TaggedSigned with a signature field whose byte length is not exactly 64. When the victim node's DHT verifier calls TaggedSigned::verify, execution reaches...

7.5CVSS6AI score0.00026EPSS

Exploits0References6

ATTACKERKB•added 2026/05/15 4:22 p.m.•5 views

CVE-2026-44309

5.3CVSS5.8AI score0.00013EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2026/05/15 4:2 p.m.•3 views

CVE-2026-45539

Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.12.4, two primitive integrators in apm-cli enumerate package files with bare Path.glob / Path.rglob calls and read each match with Path.readtext, transparently following symbolic links. A symlink...

7.4CVSS5.8AI score0.00052EPSS

Exploits0References2Affected Software1

OSV•added 2026/05/15 2:0 p.m.•4 views

OESA-2026-2295 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.CVE-2026-41080...

OSV•added 2026/05/15 2:0 p.m.•4 views

OESA-2026-2294 expat security update

OSV•added 2026/05/15 2:0 p.m.•5 views

OESA-2026-2293 expat security update

RedhatCVE•added 2026/05/15 11:48 a.m.•9 views

CVE-2026-44348

A flaw was found in PoDoFo, a C++17 PDF manipulation library. A double-free vulnerability exists in the computehashtosign function. This can occur if EVPDigestFinal fails after a buffer has already been freed, leading to heap corruption. This vulnerability could allow a local attacker to cause a...

2.5CVSS5.8AI score0.00014EPSS

Exploit DB•added 2026/05/15 12:0 a.m.•49 views

Windows Snipping Tool - NTLMv2 Hash Hijack

Exploit Title: Windows Snipping Tool - NTLMv2 Hash Hijack Date: 2026-04-22 Exploit Author: nu11secur1ty Video Demo: https://www.patreon.com/posts/cve-2026-33829-156243398 Vendor Homepage: https://www.microsoft.com Software Link: Built-in Windows Snipping Tool Version: Windows 10, Windows 11,...

4.3CVSS5.8AI score0.0029EPSS

Exploits4

CNNVD•added 2026/05/15 12:0 a.m.•4 views

Gitsign 信任管理问题漏洞

Gitsign is a tool developed by Gitsign’s developers that allows for signing Git commits without the need for a key. Versions of Gitsign prior to 0.16.0 contained a trust management vulnerability. This vulnerability stemmed from the fact that gitsign verify and gitsign verify-tag re-encoded the...

5.3CVSS5.8AI score0.00013EPSS

Amazon•added 2026/05/15 12:0 a.m.•10 views

Low: firefox

Issue Overview: libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. CVE-2026-41080 Affected Packages: firefox Issue Correction: Run dnf update firefox --releasever 2023.11.20260514 or dnf update --advisory ALAS2023-2026-1706 --releasever...

OSSF Malicious Packages•added 2026/05/14 7:24 p.m.•8 views

Exploits0

Malicious code in npmjs_web3-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 263a0126b20b1d58bc0528a4b7bea19027b94383e00b5b9f03b712d96be89ca7 The package's postinstall lifecycle hook downloads a script from a personal GitHub Gist...

5.8AI score

Snyk•added 2026/05/14 7:14 p.m.•8 views

Double Free

Overview Affected versions of this package are vulnerable to Double Free in the computehashtosign function. An attacker can cause heap corruption and potentially crash the application by triggering a failure in EVPDigestFinal after memory has already been freed, leading to a second free operation...

2.5CVSS5.8AI score0.00014EPSS