CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 6 days ago•3 views

Allocation of Resources Without Limits or Throttling

Overview zeroconf is a Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the DNSIncoming.logexceptiondebug function and the exception-deduplication, which stores...

7.1CVSS5.8AI score

Snyk•added 6 days ago•1 views

Uncontrolled Recursion

Overview zeroconf is a Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Affected versions of this package are vulnerable to Uncontrolled Recursion via the DNSIncoming.decodelabelsatoffset function. An attacker can cause excessive CPU consumption and log flooding by...

7.1CVSS5.8AI score

RedhatCVE•added 6 days ago•5 views

CVE-2026-41125

A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M10 All versions, blueplanet 125 TL3 All versions, blueplanet...

6CVSS7.1AI score0.00025EPSS

RedhatCVE•added 2026/05/28 2:14 p.m.•5 views

CVE-2026-36539

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skkget.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...

7.3CVSS5.8AI score0.00052EPSS

ATTACKERKB•added 2026/05/28 12:16 p.m.•5 views

CVE-2026-9818

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

4.7CVSS5.7AI score

Exploits0References6

RedhatCVE•added 2026/05/27 8:14 p.m.•9 views

CVE-2026-9394

A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a manipulation can lead to weak password requirements. The attack needs to be done within the local network. This attack is...

3.1CVSS5.2AI score0.00016EPSS

NVD•added 2026/05/27 3:16 p.m.•6 views

CVE-2026-44830

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when APITOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS alloworigins="",...

8.7CVSS0.00021EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•9 views

PT-2026-44001

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS allow origins="...

8.7CVSS5.9AI score0.00021EPSS

Vulnrichment•added 2026/05/27 12:0 a.m.•8 views

CVE-2026-36539

5.8AI score0.00052EPSS

CNNVD•added 2026/05/27 12:0 a.m.•5 views

Netis AC1200 安全漏洞

The Netis AC1200 is a series of dual-band wireless broadband routers produced by the Chinese company Netis. The Netis AC1200 V4.0.1.4296 version contains a security vulnerability. This vulnerability stems from the CGI endpoint/cgi-bin/skkget.cgi function, which can return the entire router...

7.3CVSS5.8AI score0.00052EPSS

CNNVD•added 2026/05/27 12:0 a.m.•6 views

Nocturne Memory 访问控制错误漏洞

Nocturne Memory is an AI long-term memory server developed by Niwato. Versions prior to Nocturne Memory 2.4.1 contained an access control vulnerability. This vulnerability occurred when the APITOKEN was not set or was empty, allowing the BearerTokenAuthMiddleware to bypass identity verification f...

8.7CVSS5.8AI score0.00021EPSS

EUVD•added 2026/05/26 8:59 p.m.•5 views

EUVD-2026-31998

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g.,...

Vulnrichment•added 2026/05/26 8:59 p.m.•5 views

CVE-2026-47672 epa4all-client: Unauthenticated REST API for Patient Record Writes

ATTACKERKB•added 2026/05/26 8:59 p.m.•9 views

CVE-2026-47672

Exploits0References3Affected Software1

Cvelist•added 2026/05/26 8:59 p.m.•29 views

CVE-2026-47672 epa4all-client: Unauthenticated REST API for Patient Record Writes

6.5CVSS0.00021EPSS

CVE•added 2026/05/26 8:59 p.m.•11 views

CVE-2026-47672

CVE-2026-47672 affects the Java client epa4all-client for epa4all/ePA 3.0. In version 1.2.4 and earlier, a network-reachable caller can write arbitrary documents to any patient electronic health record (EHR) accessible by the institution’s SMC-B card. In misconfigured deployments (e.g., following...