CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/14 4:15 p.m.•13 views

CVE-2026-44312

CVE-2026-44312 affects the Ruby CSS Parser gem. Prior to 2.1.0 and 1.22.0, the library does not validate HTTPS connections (OpenSSL::SSL::VERIFY_NONE), allowing a MITM attacker to inject/modify CSS content when loading stylesheets over HTTPS. The issue is fixed in 2.1.0 and 1.22.0. Remediation: u...

5.8CVSS5.8AI score0.00146EPSS

Exploits0References4

ATTACKERKB•added 2026/05/14 4:15 p.m.•8 views

CVE-2026-44312

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

5.8CVSS5.8AI score0.00146EPSS

Exploits0References5Affected Software1

Cvelist•added 2026/05/14 4:15 p.m.•36 views

CVE-2026-44312 css_parser allows to MITM included https css urls

5.8CVSS0.00146EPSS

Exploits0References4

Microsoft Secure•added 2026/05/14 4:0 p.m.•8 views

Defense in depth for autonomous AI agents

Designing Secure Autonomous AI Agents with Defense in Depth AI agents are moving beyond assistance and into action. Instead of generating content, they invoke tools, modify data, trigger workflows, and operate across systems with increasing autonomy. This shift changes the security problem...

5.9AI score

Exploits0

Microsoft Secure•added 2026/05/14 4:0 p.m.•10 views

Defense in depth for autonomous AI agents

5.9AI score

Exploits0

EUVD•added 2026/05/14 3:36 p.m.•10 views

EUVD-2026-30316

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...

8.2CVSS5.9AI score0.0029EPSS

ATTACKERKB•added 2026/05/14 3:34 p.m.•7 views

CVE-2026-42597

5.9CVSS5.8AI score0.00251EPSS

Exploits1References2Affected Software1

EUVD•added 2026/05/14 3:34 p.m.•5 views

EUVD-2026-30317

5.9CVSS5.8AI score0.00251EPSS

EUVD•added 2026/05/14 3:18 p.m.•5 views

EUVD-2026-30307

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...

8.2CVSS6AI score0.00347EPSS

NVD•added 2026/05/14 3:16 p.m.•9 views

CVE-2026-44308

Spring Cloud AWS simplifies using AWS managed services in a Spring and Spring Boot applications. From 3.0.0 to 4.0.1, pplications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support @NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping did n...

6.3CVSS0.00179EPSS

Exploits0References1

SUSE Linux•added 2026/05/14 2:41 p.m.•10 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to fix one issue CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264449. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUS...

8.8CVSS6AI score0.92165EPSS

Exploits30References4

Vulnrichment•added 2026/05/14 2:39 p.m.•4 views

CVE-2026-44308 Spring Cloud AWS: Missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications

6.3CVSS5.8AI score0.00179EPSS

Exploits0References1

The Hacker News•added 2026/05/14 11:40 a.m.•12 views

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI , an open-source multi-agent orchestration framework, within four hours of its public disclosure. The vulnerability in question is CVE-2026-44338 CVSS score: 7.3, a case of missing...

7.3CVSS5.8AI score0.19037EPSS

Exploits3

OSV•added 2026/05/14 7:54 a.m.•2 views

SUSE-SU-2026:21670-1 Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-32.1 fixes one security issue The following security issue was fixed: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264459...

8.8CVSS5.8AI score0.92165EPSS

OSV•added 2026/05/14 7:23 a.m.•2 views

SUSE-SU-2026:21700-1 Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes one security issue The following security issue was fixed: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264459...

OSV•added 2026/05/14 7:21 a.m.•2 views

SUSE-SU-2026:21665-1 Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-35.1 fixes one security issue The following security issue was fixed: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264459...

OSV•added 2026/05/14 7:20 a.m.•2 views

SUSE-SU-2026:21694-1 Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes one security issue The following security issue was fixed: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264459...

OSV•added 2026/05/14 7:20 a.m.•1 views

SUSE-SU-2026:21692-1 Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes one security issue The following security issue was fixed: - CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags bsc1264459...