CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1052 matches found

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/mlx5: Fixed unsafe xarray access in implicit ODP handling xastore and xaerase were used without holding the proper lock, which led to a lockdep warning due to unsafe RCU usage. This patch replaces them with xastore and...

5.5CVSS6.8AI score0.00139EPSS

Exploits0References2

OSV•added 2026/06/12 12:24 p.m.•7 views

OESA-2026-2612 nss security update

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

6.5CVSS5.5AI score0.00628EPSS

Exploits0References2

Veracode•added 2026/06/11 6:7 p.m.•8 views

Improper Authorization

Twig is vulnerable to Improper Authorization. The vulnerability is due to incomplete enforcement of sandbox security checks for implicit toString calls, which allows an attacker to invoke non-allowlisted toString methods on accessible objects and bypass configured security policies...

5.5AI score0.00044EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/06/09 12:0 a.m.•9 views

PT-2026-47838

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description The CMS decrypt and PKCS7 decrypt functions are susceptible to a Bleichenbacher-style attack, which is an adaptive-chosen-ciphertext side channel. This allows an attacker to use a vulnerable...

9.1CVSS5.5AI score0.00684EPSS

Exploits0References78

CNNVD•added 2026/06/08 12:0 a.m.•8 views

Imagination Graphics DDK 安全漏洞

Imagination Graphics DDK is a GPU driver toolkit developed by the British company Imagination. There is a security vulnerability in Imagination Graphics DDK. This vulnerability arises from improper GPU system calls when the software runs as a non-privileged user. This leads to errors in managing...

7.1CVSS5.3AI score0.00116EPSS

Exploits0References2

OSV•added 2026/05/27 8:16 p.m.•9 views

DEBIAN-CVE-2026-44681

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...

6.1CVSS5.8AI score0.00203EPSS

Exploits1References1

PyPA•added 2026/05/27 8:16 p.m.•9 views

PYSEC-2026-188

6.1CVSS5.8AI score0.00203EPSS

Exploits1References1Affected Software1

OSV•added 2026/05/27 8:16 p.m.•11 views

UBUNTU-CVE-2026-44681

6.1CVSS5.8AI score0.00203EPSS

Exploits1References3

Vulnrichment•added 2026/05/27 7:20 p.m.•8 views

CVE-2026-44681 Authlib: Open Redirect in Authlib OIDC Implicit/Hybrid Authorization

6.1CVSS5.8AI score0.00203EPSS

Exploits1References1

CVE•added 2026/05/27 7:20 p.m.•28 views

CVE-2026-44681

CVE-2026-44681 affects Authlib’s OpenID implementation (OpenIDImplicitGrant and OpenIDHybridGrant). An unauthenticated open redirect can occur when a request omits the openid scope, causing the server to redirect with a 302 to an attacker-controlled URL. The root cause is that the scope check hap...

6.1CVSS5.8AI score0.00203EPSS

Exploits1References1Affected Software1

ATTACKERKB•added 2026/05/27 7:20 p.m.•9 views

CVE-2026-44681

6.1CVSS5.8AI score0.00203EPSS

Exploits1References2Affected Software1

Github Security Blog•added 2026/05/21 7:33 p.m.•9 views

lmdeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out

📋 Reframing 2026-05-02: implicit unsafe remote-code path, not "supply-chain" The accurate description of this vulnerability is: "getmodelarch and related helpers hardcode trustremotecode=True with no opt-out, creating an implicit unsafe remote-code load path on every model fetch." What this repor...

7.8CVSS6.5AI score0.00148EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/05/21 12:0 a.m.•8 views

PT-2026-42614

📋 Reframing 2026-05-02: implicit unsafe remote-code path, not "supply-chain" The accurate description of this vulnerability is: "get model arch and related helpers hardcode trust remote code=True with no opt-out, creating an implicit unsafe remote-code load path on every model fetch." What this...

7.8CVSS6.5AI score

Exploits0References3

RedHat Linux•added 2026/05/20 11:23 a.m.•9 views

keycloak: Keycloak: Access token disclosure and implicit flow bypass via forged client data

A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect OIDC clients. By manipulating client data during a session restart, an attacker can obtain an access token th...

7.1CVSS5.7AI score0.00344EPSS

Exploits0References4

Snyk•added 2026/05/20 9:41 a.m.•9 views

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via incomplete CheckToStringNode enforcement in SandboxNodeVisitor. An attacker can invoke toString on arbitrary objects reachable from the...

7.4CVSS5.9AI score0.00044EPSS

Exploits0References2

OSV•added 2026/05/19 12:31 p.m.•6 views

GHSA-HQ3P-W4XV-X7VP Keycloak: Access token disclosure and implicit flow bypass via forged client data

7.1CVSS5.7AI score0.00344EPSS

Exploits0References10

Github Security Blog•added 2026/05/19 12:31 p.m.•6 views

Keycloak: Access token disclosure and implicit flow bypass via forged client data

7.1CVSS5.7AI score0.00344EPSS

Exploits0References10Affected Software1