CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 3 days ago•5 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS7AI score0.00019EPSS

Redos•added 3 days ago•2 views

ROS-20260611-73-0001

The vulnerability of the URBDRC RDP-client-freeRDP device lies in unvalidated array indexing. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause service failures...

9.1CVSS6AI score0.00056EPSS

Exploits1

Redos•added 3 days ago•3 views

ROS-20260611-73-0002

9.1CVSS6AI score0.00056EPSS

Exploits1

MongoDB•added 5 days ago•6 views

GeometryCollection with strict-winding polygon causes server crash during 2dsphere index key generation

An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not...

7.1CVSS5.4AI score0.00046EPSS

Exploits0References1Affected Software1

Cvelist•added 5 days ago•37 views

CVE-2026-9752 GeometryCollection with strict-winding polygon causes server crash during 2dsphere index key generation

7.1CVSS0.00046EPSS

Exploits0References1

Microsoft CVE•added 5 days ago•5 views

Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing

...

7.8CVSS5.4AI score0.00014EPSS

Positive Technologies•added 5 days ago•10 views

PT-2026-48302

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authorized user can cause a server crash by executing a query using a 2dsphere index on a field containing a GeoJSON GeometryCollection. The issue occurs when...

7.1CVSS5.5AI score0.00046EPSS

Exploits0References3

Tenable Nessus•added 2026/06/04 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-46263

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amd/display: Fix out-of-bounds stream encoder index v3 engid can be negative and that streamencregs can be indexed out of bounds. engid is used directly as ...

7.8CVSS5.5AI score0.00013EPSS

RedHat Linux•added 2026/06/03 8:19 a.m.•6 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

6.5CVSS6.9AI score0.00019EPSS

RedHat Linux•added 2026/06/02 11:22 a.m.•9 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

6.5CVSS7.2AI score0.00019EPSS

Fedora•added 2026/05/23 12:58 a.m.•9 views

[SECURITY] Fedora 44 Update: perl-Apache-Session-Browseable-1.3.19-1.fc44

A virtual Apache::Session back-end providing some class methods to manipulate all sessions and add the capability to index some fields to make re-search faster...

6.5CVSS5.8AI score0.00041EPSS

Positive Technologies•added 2026/05/22 12:0 a.m.•6 views

PT-2026-42752

Name of the Vulnerable Software and Affected Versions Sync-in versions prior to 2.3 Description An issue exists in the URL download feature where the private IP blocklist regex fails to match IPv4-mapped IPv6 addresses, such as ::ffff:127.0.0.1. On dual-stack systems, Node.js may report a socket'...

7.7CVSS5.5AI score0.0003EPSS

Exploits0References6

RedHat Linux•added 2026/05/20 1:36 p.m.•10 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

6.5CVSS6.9AI score0.00019EPSS

RedHat Linux•added 2026/05/20 11:57 a.m.•10 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

6.5CVSS6.9AI score0.00019EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wc938x: fixed an issue where accessing an array was done outside its bounds for an enum type. Accessing enums using integers resulted in out-of-bounds access on platforms like aarch64, where sizeoflong is 8, whereas...

7.1CVSS5.9AI score0.00024EPSS

Fedora•added 2026/05/19 4:20 p.m.•13 views

[SECURITY] Fedora 44 Update: python-pysam-0.24.0-1.fc44

pysam - a python module for reading, manipulating and writing genomic data sets.pysam is a lightweight wrapper of the htslib C-API and provides faciliti es to read and write SAM/BAM/VCF/BCF/BED/GFF/GTF/FASTA/FASTQ files as well as access to the command line functionality of the samtools and...

9.8CVSS5.8AI score0.00122EPSS

CNNVD•added 2026/05/19 12:0 a.m.•6 views

libheif 缓冲区错误漏洞

LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain a buffer error vulnerability. This vulnerability stems from excessive heap buffer reading in the HeifPixelImage::overlay function, where a...

7.1CVSS6AI score0.00047EPSS

Positive Technologies•added 2026/05/19 12:0 a.m.•14 views

PT-2026-41862

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

5.9CVSS5.8AI score0.00054EPSS