1496 matches found

RedhatCVE
added 2 days ago, 4 views

CVE-2026-48559

Lightweight Music Server (LMS) through 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...

5.4 CVSS, 5.5 AI score, 0.0003 EPSS
Exploits: 1, References: 1
Fedora
added 2 days ago, 7 views

[SECURITY] Fedora 44 Update: transmission-4.1.2-1.fc44

Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top of an efficient, cross-platform back-end...

5.3 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits: 0
Fedora
added 2 days ago, 8 views

[SECURITY] Fedora 43 Update: transmission-4.1.2-1.fc43

Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top of an efficient, cross-platform back-end...

5.3 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits: 0
Fedora
added 2 days ago, 8 views

[SECURITY] Fedora 43 Update: python-starlette-0.52.1-2.fc43

Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: • A lightweight, low-complexity HTTP web framework. • WebSocket support. • In-process background tasks. ...

6.5 CVSS, 5.8 AI score, 0.00353 EPSS
Exploits: 2
CVE
added 6 days ago, 11 views

CVE-2026-48559

CVE-2026-48559 affects Lightweight Music Server (LMS) up to version 3.76.0. The vulnerability is a stored cross-site scripting (XSS) that lets an attacker cause JavaScript execution in the web interface by embedding malicious HTML in media file metadata fields (GENRE, ARTIST, ALBUM). The payload ...

5.4 CVSS, 5.9 AI score, 0.0003 EPSS
Exploits: 1, References: 4
ATTACKERKB
added 6 days ago, 8 views

CVE-2026-48559

Lightweight Music Server (LMS) through 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...

5.4 CVSS, 5.9 AI score, 0.0003 EPSS
Exploits: 1, References: 5
Vulnrichment
added 6 days ago, 7 views

CVE-2026-48559 Lightweight Music Server 3.76.0 Stored XSS via Media File Metadata Tags

Lightweight Music Server (LMS) through 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...

5.4 CVSS, 5.9 AI score, 0.0003 EPSS
Exploits: 1, References: 4
EUVD
added 6 days ago, 10 views

EUVD-2026-33640

Lightweight Music Server (LMS) through 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...

5.4 CVSS, 5.9 AI score, 0.0003 EPSS
Exploits: 1, References: 4
Cvelist
added 6 days ago, 24 views

CVE-2026-48559 Lightweight Music Server 3.76.0 Stored XSS via Media File Metadata Tags

Lightweight Music Server (LMS) through 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...

5.4 CVSS, 0.0003 EPSS
Exploits: 1, References: 4
Snyk
added 6 days ago, 3 views

Improper Validation of Certificate with Host Mismatch

Overview: org.apache.directory.api:api-ldap-client-api is an LDAP Client API. Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch in the TLS server identity verification. An attacker can intercept and impersonate the server by presenting a...

8.8 CVSS, 5.5 AI score, 0.00032 EPSS
Exploits: 0, References: 2
Nuclei
added 6 days ago, 31 views

Hoverfly < 1.10.3 - Arbitrary File Read

Hoverfly is a lightweight service virtualization / API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...

7.5 CVSS, 5.9 AI score, 0.93631 EPSS
Exploits: 3, References: 2
CNNVD
added 6 days ago, 6 views

NextCloud Access Control Vulnerability

Nextcloud is an open-source, self-hosted communication platform for file synchronization and sharing developed by the German company Nextcloud. In versions 1.3.6 to 8.4.0, there was a vulnerability related to access control. This vulnerability stemmed from improper checks, allowing users...

4.6 CVSS, 5.8 AI score, 0.00019 EPSS
Exploits: 0, References: 3
Positive Technologies
added 6 days ago, 11 views

PT-2026-45437

Lightweight Music Server (LMS) through 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...

5.4 CVSS, 5.9 AI score, 0.0003 EPSS
Exploits: 1, References: 5
CNNVD
added 6 days ago, 5 views

Lightweight Music Server Cross-Site Script Vulnerability

Lightweight Music Server is a self-hosted music streaming service developed by Emeric POUPON. Versions of Lightweight Music Server 3.76.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from stored XSS attacks, allowing attackers to execute arbitrary...

5.4 CVSS, 5.9 AI score, 0.0003 EPSS
Exploits: 1, References: 4
Packet Storm News
added 2026/05/30 12:0 a.m., 10 views

GCVE: A Decentralized Model for Vulnerability Identification, Publication, and Operational Enrichment

The Global CVE initiative (GCVE) proposes a decentralized, open, and extensible model for vulnerability identification, publication, and enrichment. It addresses a gap in today's vulnerability ecosystem: centralized systems provide rigorous control and widely recognized identifiers, while many...

5.8 AI score
Exploits: 0
RedhatCVE
added 2026/05/29 6:49 a.m., 10 views

CVE-2026-41076

A flaw was found in RT, an open-source issue and ticket tracking system. This vulnerability allows a remote attacker to bypass authentication in RT installations configured to use LDAP/AD (Lightweight Directory Access Protocol/Active Directory) for user authentication. Under specific LDAP server...

8.1 CVSS, 5.8 AI score, 0.0007 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/05/28 4:42 a.m., 28 views

CVE-2026-9801 Keycloak: keycloak: denial of service via malformed ldap password policy response

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

4.9 CVSS, 0.00247 EPSS
Exploits: 0, References: 2
Packet Storm News
added 2026/05/28 12:0 a.m., 6 views

AgentDoG 1.5: A Lightweight and Scalable Alignment Framework for AI Agent Safety and Security

Modern open-world agents such as OpenClaw exhibit powerful cross-environment execution capabilities yet introduce broad new safety risk sources. Meanwhile, advanced frontier AI models drastically lower attack barriers, rendering current agent alignment frameworks inadequate for real-world...

5.9 AI score
Exploits: 0
Positive Technologies
added 2026/05/28 12:0 a.m., 6 views

PT-2026-44194

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw allows a remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker who has compromis...

4.9 CVSS, 5.8 AI score, 0.00247 EPSS
Exploits: 0, References: 4
CVE
added 2026/05/27 2:13 p.m., 9 views

CVE-2026-48917

CVE-2026-48917 affects Jenkins LDAP Plugin (807.v7d7de30930cf and earlier). The issue is that it deserializes data from LDAP referrals without validation, with CVSS 3.1 base score 6.6 (Medium) and impacts on confidentiality, integrity, and availability rated High. Exploitation details are not pro...

6.6 CVSS, 5.8 AI score, 0.01298 EPSS
Exploits: 0, References: 1, Affected Software: 1