CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11880 matches found

OSV•added 2026/04/15 2:16 p.m.•1 views

SUSE-SU-2026:1363-1 Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...

7.5CVSS6.9AI score0.00056EPSS

Exploits0References15

EUVD•added 2026/04/15 12:31 a.m.•0 views

EUVD-2026-22726

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in the ReadLicense action's LFName parameter, allowing remote attackers to trigger SMB connections and leak NTLMv2...

7CVSS5.8AI score0.01042EPSS

Exploits1References3

Positive Technologies•added 2026/04/15 12:0 a.m.•3 views

PT-2026-33110

Name of the Vulnerable Software and Affected Versions Git for Windows versions prior to 2.53.0.windows.3 Description Git for Windows lacks protections that prevent attackers from obtaining a user's NTLM hash. An attacker can obtain the NTLMv2 hash by tricking users into cloning a malicious...

7.4CVSS6.4AI score0.00086EPSS

Exploits0References9

SUSE CVE•added 2026/04/14 11:25 p.m.•1 views

SUSE CVE-2026-40164

jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed 0x432A9843 for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSO...

5.5CVSS5.8AI score0.00024EPSS

Exploits0References3

OSV•added 2026/04/14 10:49 p.m.•3 views

GHSA-52HF-63Q4-R926 WWBN AVideo has an Unauthenticated Information Disclosure via git.json.php Exposes Developer Emails and Deployed Version

Summary The file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs, developer names and email addresses PII, and commit messages which may...

5.3CVSS5.9AI score0.00088EPSS

Exploits1References3

Cvelist•added 2026/04/14 9:21 p.m.•17 views

CVE-2026-39907 Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via WCF SOAP

7CVSS0.01042EPSS

Exploits1References3

Vulnrichment•added 2026/04/14 9:21 p.m.•2 views

CVE-2026-39906 Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via .NET Remoting

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a target file argument through object-unmarshalling...

7CVSS5.8AI score0.00094EPSS

Exploits1References3

CVE•added 2026/04/14 9:21 p.m.•3 views

CVE-2026-39906

CVE-2026-39906 affects Unisys WebPerfect Image Suite v3.0.3960.22810 and v3.0.3960.22604. The root cause is exposure of a deprecated .NET Remoting TCP channel, enabling remote unauthenticated attackers to leak NTLMv2 machine-account hashes by passing a Windows UNC path as a target file argument v...

10CVSS5.8AI score0.00094EPSS

Exploits1References3Affected Software1

ATTACKERKB•added 2026/04/14 9:21 p.m.•1 views

CVE-2026-39906

7CVSS5.8AI score0.00094EPSS

Exploits1References3Affected Software1

RedhatCVE•added 2026/04/14 6:12 p.m.•1 views

CVE-2026-40164

A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...

7.5CVSS5.7AI score0.00024EPSS

Exploits0References5

Circl•added 2026/04/14 5:17 a.m.•1 views

GHSA-8X8F-54WF-VV92

creationtimestamp| type| source ---|---|--- 2026-04-14 05:17:42+00:00| seen| Telegram/EXit4BCARRaTXD4SBLqO-yd3UPNB5jBijYowsPR2aTE5HY...

4.8AI score

Exploits0

OSV•added 2026/04/14 12:16 a.m.•0 views

DEBIAN-CVE-2026-40164

7.5CVSS5.3AI score0.00024EPSS

Exploits0References1

NVD•added 2026/04/14 12:16 a.m.•2 views

CVE-2026-40164

7.5CVSS0.00024EPSS

Exploits0References2

NVD•added 2026/04/14 12:16 a.m.•2 views

CVE-2026-34069

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. Sending a RequestMacroChain message where the...

5.3CVSS0.00049EPSS

Exploits0References4

OSV•added 2026/04/14 12:16 a.m.•1 views

UBUNTU-CVE-2026-40164

7.5CVSS5.8AI score0.00024EPSS

Exploits0References6

UbuntuCve•added 2026/04/14 12:16 a.m.•1 views

CVE-2026-40164

7.5CVSS5.8AI score0.00024EPSS

Exploits0References5

CNNVD•added 2026/04/14 12:0 a.m.•3 views

Unisys WebPerfect Image Suite 安全漏洞

Unisys WebPerfect Image Suite is an enterprise document imaging and management system developed by Unisys, Inc. Both versions of Unisys WebPerfect Image Suite 3.0.3960.22810 and 3.0.3960.22604 contain security vulnerabilities. These vulnerabilities stem from unvalidated WCF SOAP endpoints located...

10CVSS5.8AI score0.01042EPSS

Exploits1References3

ATTACKERKB•added 2026/04/13 11:55 p.m.•2 views

CVE-2026-34069

5.3CVSS5.8AI score0.00049EPSS

Exploits0References5Affected Software1

ATTACKERKB•added 2026/04/13 11:40 p.m.•2 views

CVE-2026-40164

7.5CVSS5.8AI score0.00024EPSS

Exploits0References3

Vulnrichment•added 2026/04/13 11:40 p.m.•2 views

CVE-2026-40164 jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed