122 matches found

Packet Storm News
added 2026/05/27 12:0 a.m., 10 views

OSSEC HIDS 4.1.0

OSSEC is a full platform to monitor and control your systems. It mixes together all the aspects of HIDS (host-based intrusion detection), log monitoring and SIM/SIEM together in a simple, powerful and open source solution. This is the source code release...

5.9 AI score
Exploits: 0

Packet Storm News
added 2026/05/20 12:0 a.m., 6 views

HIDBench: Benchmarking Large Language Models for Host-Based Intrusion Detection

Recent benchmark efforts have advanced the evaluation of large language models (LLMs) in cybersecurity, including tasks such as penetration testing and vulnerability identification. However, a critical cybersecurity task, namely intrusion detection from system logs, remains unexplored. In this work...

5.8 AI score
Exploits: 0

Tenable Nessus
added 2026/05/07 12:0 a.m., 5 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssh (UTSA-2026-016492)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016492 advisory. OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted ...

6.5 CVSS, 5.8 AI score, 0.00061 EPSS
Exploits: 0, References: 4

EUVD
added 2026/04/03 9:31 p.m., 5 views

EUVD-2026-18817

A flaw was found in util-linux. Improper hostname canonicalization in the login(1) utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAM_RHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...

3.7 CVSS, 5.9 AI score, 0.00092 EPSS
Exploits: 0, References: 3

NVD
added 2026/04/03 7:17 p.m., 3 views

CVE-2026-3184

A flaw was found in util-linux. Improper hostname canonicalization in the login(1) utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAM_RHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...

5.3 CVSS, 0.00092 EPSS
Exploits: 0, References: 3

CVE
added 2026/04/03 6:43 p.m., 39 views

CVE-2026-3184

Affects util-linux, specifically the login(1) utility when invoked with -h. The root cause is improper hostname canonicalization, which can modify the supplied remote hostname before setting PAM_RHOST. This weakness can bypass host-based PAM access control rules that rely on fully qualified domai...

5.3 CVSS, 5.9 AI score, 0.00092 EPSS
Exploits: 0, References: 3, Affected Software: 2

Vulnrichment
added 2026/04/03 6:43 p.m., 2 views

CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization

A flaw was found in util-linux. Improper hostname canonicalization in the login(1) utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAM_RHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...

3.7 CVSS, 5.9 AI score, 0.00092 EPSS
Exploits: 0, References: 3

OSV
added 2026/04/02 5:16 p.m., 1 views

DEBIAN-CVE-2026-35387

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms...

6.5 CVSS, 5.2 AI score, 0.00061 EPSS
Exploits: 0, References: 1

Snyk
added 2026/04/02 4:52 p.m., 0 views

Always-Incorrect Control Flow Implementation

Overview: Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to the misinterpretation of the PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms configuration, which causes unintended ECDSA algorithms to be accepted. An attacker can compromise...

6.5 CVSS, 5.9 AI score, 0.00061 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2026/03/16 12:0 a.m., 4 views

EulerOS 2.0 SP11 : libsoup (EulerOS-SA-2026-1584)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing...

8.2 CVSS, 5.9 AI score, 0.00024 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/03/10 5:16 p.m., 3 views

CVE-2026-30964

web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. Prior to 5.2.4, when allowedorigins is configured, CheckAllowedOrigins reduces URL-like values to their host component and...

5.4 CVSS, 5.8 AI score, 0.00017 EPSS
Exploits: 1, References: 4, Affected Software: 3

CNNVD
added 2026/02/24 12:0 a.m., 7 views

Caddy Security Vulnerability

Caddy is an open-source, cross-platform HTTP/Web server developed by the Caddy company. Versions of Caddy prior to 2.11.1 contained security vulnerabilities. These vulnerabilities stemmed from the HTTP host request matcher becoming case-sensitive when configuring large host lists, which could all...

9.1 CVSS, 5.8 AI score, 0.00062 EPSS
Exploits: 1, References: 2

Packet Storm News
added 2026/02/02 12:0 a.m., 2 views

OSSEC HIDS 4.0.0

OSSEC is a full platform to monitor and control your systems. It mixes together all the aspects of HIDS (host-based intrusion detection), log monitoring and SIM/SIEM together in a simple, powerful and open source solution. This is the source code release...

10 CVSS, 5.5 AI score, 0.00988 EPSS
Exploits: 2

RedHat Linux
added 2026/01/29 11:29 a.m., 6 views

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2026/01/20 3:37 p.m., 4 views

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits: 0, References: 5

Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-21773

Name of the Vulnerable Software and Affected Versions: Caddy versions prior to 2.11.1. Description: Caddy’s HTTP host request matcher is documented as case-insensitive, but becomes case-sensitive when configured with a large host list (more than 100 entries) due to an optimized matching path. An...

9.9 CVSS, 5.5 AI score, 0.15051 EPSS
Exploits: 44, References: 123

UbuntuCve
added 2025/12/11 1:15 p.m., 1 views

CVE-2025-14523

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2 CVSS, 5.9 AI score, 0.00024 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2025/12/11 12:30 p.m., 6 views

CVE-2025-14523

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2 CVSS, 5.5 AI score, 0.00024 EPSS
Exploits: 0, References: 21

Vulnrichment
added 2025/12/11 12:30 p.m., 3 views

CVE-2025-14523 Libsoup: libsoup: duplicate host header handling causes host-parsing discrepancy (first- vs last-value wins)

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2 CVSS, 6.4 AI score, 0.00024 EPSS
Exploits: 0, References: 21

RedhatCVE
added 2025/12/11 12:30 p.m., 4 views

CVE-2025-14523

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2 CVSS, 6.3 AI score, 0.00024 EPSS
Exploits: 0, References: 3