94 matches found

OSV
added 5 days ago, 3 views

ASB-A-433250316

In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 5.9 | EPSS 0.00006
Exploits: 0 | References: 3

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Block layer: Fixed a deadlock between bd_link_disk_holder and partition scan. The open_mutex of gendisk is used to protect the opening and closing of block devices. However, in bd_link_disk_holder, it is used to protect the creation of...

CVSS 5.5 | AI score 6.1 | EPSS 0.00036
Exploits: 0 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: md: fix warning for holder mismatch from export_rdev The commit a1d767191096 “md: use mddev->external to select holder in export_rdev” fixes the issue where ‘claim_rdev’ is used for blkdev_get_by_dev, while ‘rdev’ is used for blkdev_put...

AI score 5.7 | EPSS 0.00026
Exploits: 0 | References: 1

vulnersOsv
added 2026/04/22 6:30 a.m., 3 views

au.csiro.pathling:fhir-server (>=5.3.1 <=6.4.2), au.org.consumerdatastandards:data-holder (>=2.3.0 <=2.4.1) +2121 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=5.7.0 <=5.7.2)

org.springframework.security:spring-security-core MAVEN version =5.7.0, =5.3.1, =2.3.0, =2.4.1 - au.org.consumerdatastandards:mock-data-holder-java =2.6.0 - be.jidoka:jdk-keycloak-admin =1.3.0 - br.com.m4rc310:br-com-m4rc310-graphql =1.0.1 - br.com.m4rc310:br-com-m4rc310-libs =1.0.1 -...

CVSS 3.7 | AI score 5.8 | EPSS 0.00067
Exploits: 0

NVD
added 2026/04/14 7:16 a.m., 2 views

CVE-2026-2582

The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account_holder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 6.5 | EPSS 0.00164
Exploits: 0 | References: 3

EUVD
added 2026/04/14 6:43 a.m., 2 views

EUVD-2026-22223

The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account_holder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 6.5 | AI score 6.2 | EPSS 0.00164
Exploits: 0 | References: 3

Cvelist
added 2026/04/14 6:43 a.m., 23 views

CVE-2026-2582 Germanized for WooCommerce <= 3.20.5 - Unauthenticated Arbitrary Shortcode Execution

The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account_holder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 6.5 | EPSS 0.00164
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/14 6:43 a.m., 2 views

CVE-2026-2582

The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account_holder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 6.5 | AI score 6.2 | EPSS 0.00164
Exploits: 0 | References: 4

Vulnrichment
added 2026/04/14 6:43 a.m., 1 view

CVE-2026-2582 Germanized for WooCommerce <= 3.20.5 - Unauthenticated Arbitrary Shortcode Execution

The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account_holder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 6.5 | AI score 6.2 | EPSS 0.00164
Exploits: 0 | References: 3

CVE
added 2026/04/14 6:43 a.m., 7 views

CVE-2026-2582

The vulnerability (CVE-2026-2582) affects the Germanized for WooCommerce WordPress plugin and allows unauthenticated attackers to execute arbitrary shortcodes via the account_holder parameter in any version up to 3.20.5. The root cause is that the plugin performs an action that does not properly ...

CVSS 6.5 | AI score 6.2 | EPSS 0.00164
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/14 12:0 a.m., 3 views

PT-2026-32600

The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account_holder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before runnin...

CVSS 6.5 | AI score 6.2 | EPSS 0.00164
Exploits: 0 | References: 4

ATTACKERKB
added 2026/02/11 12:18 p.m., 21 views

CVE-2025-54149

An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central...

CVSS 7.1 | AI score 5.5 | EPSS 0.00015
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/02/11 12:0 a.m., 4 views

PT-2026-7556

Name of the Vulnerable Software and Affected Versions: Qsync Central versions prior to 5.0.0.4. Description: An out-of-bounds read issue exists in Qsync Central. A remote attacker who has obtained a user account can exploit this issue to access sensitive data. Recommendations: Update to Qsync Central...

CVSS 7.1 | AI score 5.5 | EPSS 0.00022
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/03 7:23 p.m., 2 views

CVE-2025-62603 FastDDS has Out-of-memory while parsing GenericMessage when DDS Security is enabled

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). ParticipantGenericMessage is the DDS Security control-message container that carries not only the handshake but also ongoing security-control traffic after the handshake, such as...

CVSS 6.3 | AI score 5.5 | EPSS 0.00054
Exploits: 0 | References: 4

Cvelist
added 2026/02/03 7:23 p.m., 28 views

CVE-2025-62603 FastDDS has Out-of-memory while parsing GenericMessage when DDS Security is enabled

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). ParticipantGenericMessage is the DDS Security control-message container that carries not only the handshake but also ongoing security-control traffic after the handshake, such as...

CVSS 6.3 | EPSS 0.00054
Exploits: 0 | References: 4

ATTACKERKB
added 2026/02/03 7:23 p.m., 2 views

CVE-2025-62603

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). ParticipantGenericMessage is the DDS Security control-message container that carries not only the handshake but also ongoing security-control traffic after the handshake, such as...

CVSS 6.3 | AI score 5.5 | EPSS 0.00054
Exploits: 0 | References: 5 | Affected Software: 1

RedhatCVE
added 2026/01/09 9:26 a.m., 3 views

CVE-2023-4439

A vulnerability was found in SourceCodester Card Holder Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Minus Value Handler. The manipulation leads to improper validation of specified quantity in input. The attack may be...

CVSS 5.3 | AI score 7 | EPSS 0.0008
Exploits: 0 | References: 1

OSV
added 2026/01/02 4:16 p.m., 2 views

CVE-2025-52871

An out-of-bounds read vulnerability has been reported to affect License Center. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: License Center 2.0.36 and later...

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/10 7:27 a.m., 2 views

CVE-2023-53791

In the Linux kernel, the following vulnerability has been resolved: md: fix warning for holder mismatch from export_rdev Commit a1d767191096 "md: use mddev->external to select holder in export_rdev" fix the problem that 'claim_rdev' is used for blkdev_get_by_dev while 'rdev' is used for blkdev_put...

CVSS 3.7 | AI score 5.2 | EPSS 0.00026
Exploits: 0 | References: 4

SUSE CVE
added 2025/12/10 12:36 a.m., 2 views

SUSE CVE-2023-53791

In the Linux kernel, the following vulnerability has been resolved: md: fix warning for holder mismatch from export_rdev Commit a1d767191096 "md: use mddev->external to select holder in export_rdev" fix the problem that 'claim_rdev' is used for blkdev_get_by_dev while 'rdev' is used for blkdev_put...

CVSS 5.5 | AI score 6.5 | EPSS 0.00026
Exploits: 0 | References: 17