CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/06/12 12:0 a.m.•8 views

PT-2026-48936

Name of the Vulnerable Software and Affected Versions Mattermost versions prior to 11.6.2 Mattermost versions prior to 11.5.5 Mattermost versions prior to 10.11.17 Description A failure to validate that a username returned during bot registration belongs to a bot account allows an unprivileged...

5.3CVSS5.9AI score0.0019EPSS

Exploits0References4

ATTACKERKB•added 2026/06/04 12:7 p.m.•8 views

CVE-2026-45432

This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability by intercepting network traffic to obtain sensitive authentication information, which could lead ...

8.7CVSS5.8AI score0.00244EPSS

NVD•added 2026/05/27 2:17 p.m.•11 views

CVE-2026-46076

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL, nestedsvml2tlbflushenabled is true, and the hypercall is something...

7.9CVSS0.00121EPSS

Exploits0References4

EUVD•added 2026/05/27 12:58 p.m.•10 views

EUVD-2026-32458

5.8AI score0.00121EPSS

Exploits0References4

CNNVD•added 2026/05/21 12:0 a.m.•8 views

tickets 信任管理问题漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the disabling of TLS certificate verification in incs/functions.inc.php,...

8.2CVSS5.8AI score0.00173EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mshv: Fixed an infinite fault loop that occurred during GPA intercepts when permissions were denied. This issue prevents infinite fault loops when guests access memory regions without proper permissions. Currently,...

5.5CVSS5.9AI score0.00107EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux

A flaw was discovered in the KVM’s AMD code, which handles SVM nested virtualization. The flaw occurs during the processing of the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the “virtext” field, this issue could all...

8.8CVSS6.6AI score0.00658EPSS

SUSE CVE•added 2026/05/15 1:58 a.m.•9 views

SUSE CVE-2026-43483

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is deactivated Explicitly set/clear CR8 write interception when AVIC is deactivated to fix a bug where KVM leaves the interception enabled after AVIC is activated. E.g. if KVM...

5.5CVSS5.7AI score0.00161EPSS

Exploits0References8

NVD•added 2026/05/06 10:16 a.m.•8 views

CVE-2026-43096

In the Linux kernel, the following vulnerability has been resolved: mshv: Fix infinite fault loop on permission-denied GPA intercepts Prevent infinite fault loops when guests access memory regions without proper permissions. Currently, mshvhandlegpaintercept attempts to remap pages for all faults...

5.5CVSS0.00107EPSS

Cvelist•added 2026/05/06 7:40 a.m.•40 views

CVE-2026-43096 mshv: Fix infinite fault loop on permission-denied GPA intercepts

0.00107EPSS

EUVD•added 2026/04/22 6:30 a.m.•3 views

EUVD-2026-24612

Vulnerability in Spring Spring Security. If an application uses to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization bypass.This issue affects Spring Security: from...

OSV•added 2026/04/22 6:30 a.m.•1 views

GHSA-4VRC-J85C-598C Spring Security Doesn't Correctly Include Servlet Path in Path Matching of XML Authorization Rules

NVD•added 2026/04/22 6:16 a.m.•3 views

Exploits0References3

CVE-2026-22754

7.5CVSS0.00216EPSS

Vulnrichment•added 2026/04/22 5:32 a.m.•3 views

CVE-2026-22754 ervlet Path Not Correctly Included in Path Matching of XML Authorization Rules

Positive Technologies•added 2026/04/22 12:0 a.m.•4 views

PT-2026-34559

Name of the Vulnerable Software and Affected Versions RustFS versions prior to 1.0.0-alpha.94 Description Four notification target admin API endpoints in rustfs/src/admin/handlers/event.rs use a check permissions helper that validates authentication but fails to perform admin-action authorization...

8.3CVSS5.2AI score0.00293EPSS

Exploits0References8

CNNVD•added 2026/04/22 12:0 a.m.•8 views

Spring Security 访问控制错误漏洞

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. In versions 7.0.0 to 7.0.4 of Spring Security, there was an access control vulnerability. This vulnerability occurred when the servlet path defined using the tag did not...