CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/06/10 12:0 a.m.•10 views

Fission 输入验证错误漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained a input validation vulnerability. This vulnerability stemmed from the HTTPTriggerSpec.Validate method, which ignored the RelativeURL and Prefix fields during validation. As a...

4.3CVSS5.3AI score0.00227EPSS

Tenable Nessus•added 2026/06/10 12:0 a.m.•7 views

EulerOS 2.0 SP13 : kata-containers (EulerOS-SA-2026-2292)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS6.7AI score0.00522EPSS

Exploits1References2

Tenable Nessus•added 2026/06/10 12:0 a.m.•8 views

EulerOS 2.0 SP13 : busybox (EulerOS-SA-2026-2324)

According to the versions of the busybox packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request- target path/query, allowing the request line...

6.5CVSS7.2AI score0.00252EPSS

Exploits1References2

Tenable Nessus•added 2026/06/10 12:0 a.m.•8 views

EulerOS 2.0 SP13 : curl (EulerOS-SA-2026-2326)

6.5CVSS7.4AI score0.00333EPSS

Exploits2References4

RedhatCVE•added 2026/06/09 8:59 p.m.•8 views

CVE-2026-43966

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...

6.3CVSS5.6AI score0.00313EPSS

NVD•added 2026/06/09 7:17 p.m.•10 views

CVE-2026-36819

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS0.00309EPSS

NVD•added 2026/06/09 7:17 p.m.•9 views

CVE-2026-36820

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS0.00309EPSS

NVD•added 2026/06/09 7:17 p.m.•11 views

CVE-2026-36807

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS0.00309EPSS

NVD•added 2026/06/09 7:17 p.m.•10 views

CVE-2026-36796

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS0.00397EPSS

NVD•added 2026/06/09 7:17 p.m.•8 views

CVE-2026-36792

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wlradio parameter of the formWifiRadioSet function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS0.00397EPSS

NVD•added 2026/06/09 7:17 p.m.•10 views

CVE-2026-36779

Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.54180 was discovered to contain multiple stack overflows in the fromVirtualSer function via the puVar2, puVar1, s2, s100, and puVar3 parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted...

7.5CVSS0.00397EPSS

OSSF Malicious Packages•added 2026/06/09 5:44 p.m.•11 views

Malicious code in exodus-wallet-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53bf93b626689e980ef2e9c4ba33fd95e81d6a04c665f85908c8cf07b8b36e14 Package name impersonates the Exodus cryptocurrency wallet brand. package.json declares "postinstall": "node src/canary.js", and src/canary.js perfor...

6.1AI score

NCSC•added 2026/06/09 5:44 p.m.•10 views

Vulnerabilities in Microsoft Windows

Microsoft has fixed a large number of vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to various categories of damage, as described in the tables below. Among these vulnerabilities are about six very serious ones, which Microsoft ha...

9.8CVSS6.1AI score0.48438EPSS

Exploits4

OSSF Malicious Packages•added 2026/06/09 5:41 p.m.•7 views

Malicious code in @nstrlabs/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36d8d7c327560bb7a4c08d906db240a2dc146e20f828d9dfc5ab79497b155355 On npm install, the package's preinstall script node index.js || true executes automatically and collects host identifiers from the installer's machi...

OSSF Malicious Packages•added 2026/06/09 5:40 p.m.•8 views

Malicious code in @klapp-otp/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9246974efd1a626094dd3f2027df2e8f1468ce45ebcba42e5207a06c5c9e16ee On npm install, this package auto-executes index.js via the preinstall lifecycle hook. The script collects os.hostname, os.userInfo, dirname,...

OSV•added 2026/06/09 5:40 p.m.•7 views

MAL-2026-5416 Malicious code in @klapp-otp/routes (npm)

OSV•added 2026/06/09 5:39 p.m.•10 views

MAL-2026-5420 Malicious code in @nstrlabs/ixel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64b10f7a8ca25ac33a6d1e94038d1dbfd68d113d9ab7d7a428d97417b3409c7d On npm install, the package runs node index.js via a preinstall lifecycle hook declared as "preinstall": "node index.js || true" so failures are...