CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: md: Fixed an issue with warnings for holder mismatch in exportrdev. The commit a1d767191096 “md: Use mddev-external to select holder in exportrdev” fixes the problem where ‘claimrdev’ is used for blkdevgetbydev, while ‘rdev’ i...

5.5AI score0.00155EPSS

Exploits0References1

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Block layer: Fixed a deadlock between bdlinkdiskholder and partitionscan. The openmutex of gendisk is used to protect the opening and closing of block devices. However, in bdlinkdiskholder, it is used to protect the creation of...

5.5CVSS5.9AI score0.0021EPSS

Exploits0References2

vulnersOsv•added 2026/04/22 6:30 a.m.•5 views

au.csiro.pathling:fhir-server (>=5.3.1 <=6.4.2), au.org.consumerdatastandards:data-holder (>=2.3.0 <=2.4.1) +2123 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=5.7.0 <=5.7.2)

org.springframework.security:spring-security-core MAVEN version =5.7.0, =5.3.1, =2.3.0, =2.4.1 - au.org.consumerdatastandards:mock-data-holder-java =2.6.0 - be.jidoka:jdk-keycloak-admin =1.3.0 - br.com.m4rc310:br-com-m4rc310-graphql =1.0.1 - br.com.m4rc310:br-com-m4rc310-libs =1.0.1 -...

3.7CVSS5.4AI score0.00215EPSS

Exploits0

NVD•added 2026/04/14 7:16 a.m.•3 views

CVE-2026-2582

The The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'accountholder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running...

6.5CVSS0.00424EPSS

Cvelist•added 2026/04/14 6:43 a.m.•25 views

CVE-2026-2582 Germanized for WooCommerce <= 3.20.5 - Unauthenticated Arbitrary Shortcode Execution

6.5CVSS0.00424EPSS

Vulnrichment•added 2026/04/14 6:43 a.m.•2 views

CVE-2026-2582 Germanized for WooCommerce <= 3.20.5 - Unauthenticated Arbitrary Shortcode Execution

CVE•added 2026/04/14 6:43 a.m.•10 views

CVE-2026-2582

The vulnerability (CVE-2026-2582) affects the Germanized for WooCommerce WordPress plugin and allows unauthenticated attackers to execute arbitrary shortcodes via the account_holder parameter in any version up to 3.20.5. The root cause is that the plugin performs an action that does not properly ...

EUVD•added 2026/04/14 6:43 a.m.•4 views

EUVD-2026-22223

ATTACKERKB•added 2026/04/14 6:43 a.m.•8 views

CVE-2026-2582

Positive Technologies•added 2026/04/14 12:0 a.m.•4 views

PT-2026-32600

The The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account holder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before runnin...

ATTACKERKB•added 2026/02/11 12:18 p.m.•22 views

CVE-2025-54149

An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central...

7.1CVSS5.5AI score0.00242EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/02/11 12:0 a.m.•5 views

PT-2026-7556

Name of the Vulnerable Software and Affected Versions Qsync Central versions prior to 5.0.0.4 Description An out-of-bounds read issue exists in Qsync Central. A remote attacker who has obtained a user account can exploit this issue to access sensitive data. Recommendations Update to Qsync Central...

7.1CVSS5.5AI score0.00492EPSS

ATTACKERKB•added 2026/02/03 7:23 p.m.•3 views

CVE-2025-62603

Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . ParticipantGenericMessage is the DDS Security control-message container that carries not only the handshake but also on going security-control traffic after the handshake, such as...

6.3CVSS5.5AI score0.00501EPSS

Exploits0References5Affected Software1

Vulnrichment•added 2026/02/03 7:23 p.m.•3 views

CVE-2025-62603 FastDDS has Out-of-memory while parsing GenericMessage when DDS Security is enabled

6.3CVSS5.5AI score0.00501EPSS

Cvelist•added 2026/02/03 7:23 p.m.•30 views

CVE-2025-62603 FastDDS has Out-of-memory while parsing GenericMessage when DDS Security is enabled

6.3CVSS0.00501EPSS

RedhatCVE•added 2026/01/09 9:26 a.m.•7 views

CVE-2023-4439

A vulnerability was found in SourceCodester Card Holder Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Minus Value Handler. The manipulation leads to improper validation of specified quantity in input. The attack may be...

5.3CVSS7AI score0.00403EPSS

Exploits0References1

OSV•added 2026/01/02 4:16 p.m.•3 views

CVE-2025-52871

An out-of-bounds read vulnerability has been reported to affect License Center. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: License Center 2.0.36 and later...

6.5CVSS5.8AI score

Exploits0References1

RedhatCVE•added 2025/12/10 7:27 a.m.•3 views

CVE-2023-53791

In the Linux kernel, the following vulnerability has been resolved: md: fix warning for holder mismatch from exportrdev Commit a1d767191096 "md: use mddev-external to select holder in exportrdev" fix the problem that 'claimrdev' is used for blkdevgetbydev while 'rdev' is used for blkdevput...

3.7CVSS5.2AI score0.00155EPSS