CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

147 matches found

Github Security Blog•added 2026/05/19 3:55 p.m.•7 views

n8n: Legacy ExecuteWorkflow Node Bypassed File Path Restrictions

Impact The ExecuteWorkflow node's localFile source option read workflow files from disk without applying checks enforced by other file-reading nodes. An authenticated user with permission to create or modify workflows could supply an arbitrary file path via the REST API, bypassing the...

5.9AI score

Exploits0References2Affected Software1

Debian CVE•added 2026/05/08 2:21 p.m.•8 views

CVE-2026-43422

In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fix NPE in gncmbind Commit 56a512a9b410 "usb: gadget: fncm: align netdevice lifecycle with bind/unbind" deferred the allocation of the netdevice. This change leads to a NULL pointer dereference in the legacy NCM...

5.5CVSS5.7AI score0.00015EPSS

Exploits0

CVE•added 2026/05/08 2:21 p.m.•15 views

CVE-2026-43366

Summary: CVE-2026-43366 affects the Linux kernel’s io_uring/kbuf recycling path. A gap existed between when a buffer was grabbed and when it could be recycled; if the target list is empty, it could be upgraded to a ring-provided type without proper validation. The issue arises from missing checks...

7.8CVSS5.9AI score0.00015EPSS

Exploits0References6Affected Software1

OSV•added 2026/04/03 3:20 a.m.•1 views

GHSA-F693-58PC-2GFR OpenClaw: Telegram legacy allowFrom migration fans default-account trust into all named accounts

Summary Telegram legacy allowFrom migration fans default-account trust into all named accounts Current Maintainer Triage - Status: open - Normalized severity: low - Assessment: Shipped v2026.3.28 Telegram migration fans legacy default-account allowFrom trust into named accounts, which is an...

6.3CVSS5.8AI score

Exploits0References4

EUVD•added 2026/01/05 9:25 p.m.•3 views

EUVD-2026-0925

Malicious code in react-transition-group-legacy npm...

6.6AI score

Exploits0

Vulnrichment•added 2025/08/21 8:8 p.m.•2 views

CVE-2010-10015 AOL <= 9.5 Phobos.Playlist 'Import()' Stack-Based Buffer Overflow

AOL versions up to and including 9.5 includes an ActiveX control Phobos.dll that exposes a method called Import via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overflow when provided with an excessively long string argument. Exploitation allows remote attacke...

8.4CVSS8AI score0.25352EPSS

Exploits0References8

Cvelist•added 2024/10/10 12:0 a.m.•16 views

CVE-2024-36051

...

Exploits0

Fedora•added 2024/09/28 1:28 a.m.•17 views

[SECURITY] Fedora 40 Update: libppd-2.1~b1-2.fc40

Libppd provides all PPD related function/API which is going to be removed from CUPS 3.X, but are still required for retro-fitting support of legacy printers. The library is meant only for retro-fitting printer applications, any new printer drivers have to be written as native printer application...

8.6CVSS7AI score0.87593EPSS

Exploits17

OSV•added 2024/06/25 1:27 p.m.•8 views

MAL-2024-4058 Malicious code in Be.Vlaanderen.Basisregisters.PаrcеlRegistry.Api.Legacy (NuGet)