CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

142 matches found

UbuntuCve•added 2026/05/10 5:16 a.m.•3 views

CVE-2026-7259

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...

6.5CVSS5.8AI score0.00052EPSS

Exploits0References2

Positive Technologies•added 2026/04/20 12:0 a.m.•0 views

PT-2026-33761

Name of the Vulnerable Software and Affected Versions Progress ADC LoadMaster affected versions not specified Description An OS command injection flaw in the API allows an authenticated attacker with Geo Administration permissions to execute arbitrary commands on the appliance. This is possible d...

8.4CVSS6.3AI score0.00273EPSS

Exploits3References9

Debian CVE•added 2026/03/26 2:56 p.m.•2 views

CVE-2026-4897

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the polkit-agent-helper-1 setuid binary via standard input stdin. This unbounded input can lead to an out-of-memory OOM condition, resulting in a Denial of Service DoS for the...

5.5CVSS5.2AI score0.00006EPSS

Exploits0

Snyk•added 2026/03/20 8:35 p.m.•2 views

Allocation of Resources Without Limits or Throttling

Overview @dicebear/converter is a SVG Converter for DiceBear Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ensureSize function. An attacker can cause excessive memory allocation and application crashes by injecting specially craft...

8.7CVSS5.8AI score0.00021EPSS

Exploits0References3

Cvelist•added 2026/01/24 12:55 a.m.•29 views

CVE-2026-24404 iccDEV has Null Pointer Deference and Undefined Behavior in CIccXmlArrayType()

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs when user-controllable input is unsafely...

7.1CVSS0.00208EPSS

Exploits1References3

RedhatCVE•added 2026/01/09 9:52 a.m.•3 views

CVE-2020-10630

SAE IT-systems FW-50 Remote Telemetry Unit RTU. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output used as a webpage that is served to other users...

6.1CVSS6.9AI score0.00174EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:52 a.m.•3 views

CVE-2020-10629

WebAccess/NMS versions prior to 3.0.2 does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files...

7.5CVSS6.6AI score0.00162EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:34 a.m.•3 views

CVE-2024-41112

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 380, leading to remote code execution. Commit...

9.8CVSS7.7AI score0.01559EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:8 a.m.•1 views

CVE-2024-2361

A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-supplied input. Specifically, the issue resides in the installmodel function within lollmscore/lollms/binding.py, where the application fails to properly sanitize the...

9.6CVSS9.2AI score0.00353EPSS

Exploits1References1