CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

276 matches found

RedhatCVE•added 2026/05/27 9:18 p.m.•5 views

CVE-2026-46003

A flaw was found in the Linux kernel's qrtr nameserver. A malicious client can exploit this vulnerability by registering an excessive number of random nodes. This uncontrolled resource consumption leads to memory exhaustion, resulting in a Denial of Service DoS for the system...

5.5CVSS5.8AI score0.00024EPSS

Exploits0References4

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в golang-1.19

A malicious HTTP sender can use chunk extensions to cause the recipient reading from the request or response body to read much more bytes from the network than actually exist in the body. A malicious HTTP client can further exploit this to cause the server to automatically read a large amount of...

5.3CVSS6.8AI score0.00123EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux - уязвимость в libvncserver

A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service...

7.5CVSS6.7AI score0.00784EPSS

Exploits1References2

RedhatCVE•added 2026/03/26 3:10 p.m.•2 views

CVE-2026-32245

Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using their...

6.5CVSS5.9AI score0.00055EPSS

Exploits1References1

Tenable Nessus•added 2026/03/16 12:0 a.m.•3 views

EulerOS 2.0 SP10 : rsync (EulerOS-SA-2026-1349)

According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array...

4.3CVSS5.9AI score0.00063EPSS

Exploits0References2

Cvelist•added 2026/03/13 8:29 p.m.•28 views

CVE-2026-32621 Apollo Federation has prototype pollution via incomplete key sanitization

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...

9.9CVSS0.00043EPSS

Exploits0References1

NVD•added 2026/03/12 7:16 p.m.•2 views

CVE-2026-32245

6.5CVSS0.00055EPSS

Exploits1References3

Vulnrichment•added 2026/03/12 6:57 p.m.•1 views

CVE-2026-32245 Tinyauth's OIDC authorization codes are not bound to client on token exchange

6.5CVSS5.8AI score0.00055EPSS

Exploits1References3

Packet Storm News•added 2026/02/23 12:0 a.m.•6 views

RobPI: Robust Private Inference against Malicious Client

The increased deployment of machine learning inference in various applications has sparked privacy concerns. In response, private inference PI protocols have been created to allow parties to perform inference without revealing their sensitive data. Despite recent advances in the efficiency of PI,...

5.9AI score

Exploits0

Tenable Nessus•added 2026/01/22 12:0 a.m.•4 views

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2025-10158)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-10158 advisory. - A malicious client acting as the receiver of an rsync file transfer can trigger an out of boun...

4.3CVSS5.6AI score0.00063EPSS

Exploits0References1

OSV•added 2025/11/18 3:16 p.m.•1 views

AZL-70667 CVE-2025-10158 affecting package rsync for versions less than 3.4.1-2

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

4.3CVSS5.8AI score0.00063EPSS

Exploits0References1