Lucene search

61154 matches found

Snyk
added 2026/04/25 11:34 p.m., 5 views

UNIX Symbolic Link (Symlink) Following

Overview: Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following via the WebDAV backend process. An attacker can access and modify files outside the intended directory by exploiting symbolic links that point outside the designated root. This is only exploitable if...

9.1 CVSS, 5.8 AI score, 0.0033 EPSS
Exploits: 0, References: 3
GitHub Security Blog
added 2026/04/25 11:34 p.m., 10 views

zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write

Summary: The zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared DriveRoot points to a location outside that root, remote WebDAV consumers can read files and—on shares without...

8.7 CVSS, 5.7 AI score, 0.0033 EPSS
Exploits: 0, References: 5, Affected Software: 2
Circl
added 2026/04/25 7:33 p.m., 5 views

CVE-2026-4142

creationtimestamp | type | source
---|---|---
2026-04-25 19:33:06+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mkdrtpj3at2c...

4.4 CVSS, 4.8 AI score, 0.00326 EPSS
Exploits: 0, References: 1
Circl
added 2026/04/25 6:33 p.m., 2 views

CVE-2026-4280

creationtimestamp | type | source
---|---|---
2026-04-25 18:33:06+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mkdoigax452s...

6.5 CVSS, 4.8 AI score, 0.00814 EPSS
Exploits: 0, References: 1
Circl
added 2026/04/25 3:33 p.m., 1 views

CVE-2026-6041

creationtimestamp | type | source
---|---|---
2026-04-25 15:33:06+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mkdegkpr5b2x...

4.4 CVSS, 4.8 AI score, 0.0025 EPSS
Exploits: 0, References: 1
Circl
added 2026/04/25 2:17 p.m., 2 views

CVE-2026-5757

creationtimestamp | type | source
---|---|---
2026-04-25 14:17:03+00:00 | seen | https://bsky.app/profile/thedailytechfeed.com/post/3mkda6kaxwz2n
2026-05-07 14:21:50+00:00 | seen | https://bsky.app/profile/ai-sight.bsky.social/post/3mlbg25s2eo26
2026-05-18 18:18:06+00:00 | seen | ...

5.8 AI score
Exploits: 1, References: 3
Circl
added 2026/04/25 1:33 p.m., 1 views

CVE-2026-5820

creationtimestamp | type | source
---|---|---
2026-04-25 13:33:07+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mkd5pzeqdv2h...

6.4 CVSS, 4.8 AI score, 0.00227 EPSS
Exploits: 0, References: 1
Circl
added 2026/04/25 12:54 p.m., 3 views

CVE-2026-41481

creationtimestamp | type | source
---|---|---
2026-04-25 12:54:11+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116465444548754974...

6.5 CVSS, 4.8 AI score, 0.00219 EPSS
Exploits: 0, References: 1
Circl
added 2026/04/25 11:36 a.m., 2 views

GHSA-6FW5-F8R9-FGFM

creationtimestamp | type | source
---|---|---
2026-04-25 11:36:33+00:00 | seen | https://gist.github.com/dims/bd766118ae32d646ea9f127ac51c3054...

4.8 AI score
Exploits: 0, References: 1
Circl
added 2026/04/25 10:03 a.m., 4 views

CVE-2026-41476

creationtimestamp | type | source
---|---|---
2026-04-25 10:03:12+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116464772166042640...

8.8 CVSS, 4.8 AI score, 0.00344 EPSS
Exploits: 1, References: 1
Circl
added 2026/04/25 5:23 a.m., 8 views

CVE-2026-31650

creationtimestamp | type | source
---|---|---
2026-04-25 05:23:12+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116463671145457300...

7.8 CVSS, 4.8 AI score, 0.00115 EPSS
Exploits: 0, References: 1
Circl
added 2026/04/24 10:00 p.m., 2 views

CVE-2026-41248

creationtimestamp | type | source
---|---|---
2026-04-24 22:00:17+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mkbjlxyitp2w
2026-04-25 00:00:42+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mkbqdc3r752v
2026-04-25 00:00:46+00:00 | seen | ...

9.1 CVSS, 5.7 AI score, 0.00323 EPSS
Exploits: 0, References: 5
Circl
added 2026/04/24 10:00 p.m., 0 views

CVE-2026-41478

creationtimestamp | type | source
---|---|---
2026-04-24 22:00:10+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mkbjlqme3z2n
2026-04-28 16:07:09+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mkkxq6o5ex2w
2026-04-28 16:07:10+00:00 | seen | ...

9.9 CVSS, 4.8 AI score, 0.00264 EPSS
Exploits: 0, References: 3
Circl
added 2026/04/24 9:46 p.m., 1 views

CVE-2026-33662

creationtimestamp | type | source
---|---|---
2026-04-24 21:46:58+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mkbiu5jbk72o...

7.5 CVSS, 4.8 AI score, 0.00403 EPSS
Exploits: 0, References: 1
NVD
added 2026/04/24 9:16 p.m., 2 views

CVE-2026-41488

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size helper used by get_num_tokens_from_messages for image token counting validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS...

3.1 CVSS, 0.00158 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/04/24 8:57 p.m., 3 views

CVE-2026-31629

A flaw was found in the Linux kernel's Near Field Communication (NFC) Logical Link Control Protocol (LLCP) subsystem. Missing return statements after LLCP_CLOSED checks in the nfc_llcp_recv_hdlc and nfc_llcp_recv_disc functions can lead to a use-after-free vulnerability. This occurs because the system...

8.8 CVSS, 5.4 AI score, 0.00224 EPSS
Exploits: 0, References: 4
OSV
added 2026/04/24 8:43 p.m., 9 views

GHSA-GX2M-MCC2-R4P3 wlc: print_html outputs API data without HTML escaping

Impact: The HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting when the output is rendered in a browser. Patches: https://github.com/WeblateOrg/wlc/pull/1327 Workarounds: The only vulnerable code path is HTML output which is opt-in. Reference...

5.1 CVSS, 5.7 AI score, 0.00174 EPSS
Exploits: 0, References: 6
RedhatCVE
added 2026/04/24 8:32 p.m., 4 views

CVE-2026-35359

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link using path-based metadata but subsequently opens it without the O_NOFOLLOW flag. An attacker with...

4.7 CVSS, 5.6 AI score, 0.00105 EPSS
Exploits: 1, References: 2
Snyk
added 2026/04/24 7:43 p.m., 2 views

Malicious Package

Overview: modern-events is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.4 AI score
Exploits: 0, References: 2
Circl
added 2026/04/24 3:32 p.m., 3 views

CVE-2026-40690

creationtimestamp | type | source
---|---|---
2026-04-24 15:32:37+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mkatwrvm6d2u...

4.3 CVSS, 5.8 AI score, 0.00352 EPSS
Exploits: 0, References: 1