CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5094 matches found

OSV•added 2026/04/30 8:47 p.m.•3 views

GHSA-F6QQ-3M3H-4G42 auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation

Summary The Patreon OAuth provider maps every authenticated Patreon account to the same local user.ID, instead of deriving a unique ID from the Patreon account returned by Patreon. In practice, this means all Patreon-authenticated users of an application using this library are collapsed into a...

9.1CVSS5.8AI score0.00417EPSS

Exploits0References6

vulnersOsv•added 2026/04/30 5:25 p.m.•5 views

a-mailx (=0.1.0), a2 (>=0.1.0 <=0.3.17) +632 more potentially affected by CVE-2026-40171 via jupyterlab (>=0.31.1 <=4.5.6)

jupyterlab PYPI version =0.31.1, =0.1.0, =0.1.0b0, =0.1.0b0, =0.1.0b0, =0.1.0, =0.5.5, =2.0.0, =0.1.1, =0.1.0, =3.0.0, =4.33.0, =5.0.0 and more Source cves: CVE-2026-40171 Source advisory: OSV:GHSA-RCH3-82JR-F9W9...

8.4CVSS5.4AI score0.00476EPSS

Exploits0

RedHat Linux•added 2026/04/30 1:58 p.m.•14 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.2 release and security update

Red Hat JBoss Web Server 6.2.2 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10, and Windows Server. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CV...

9.1CVSS7.7AI score0.00981EPSS

Exploits0References6

Fedora•added 2026/04/30 1:30 a.m.•12 views

[SECURITY] Fedora 42 Update: miniupnpd-2.3.10-1.fc42

The MiniUPnP daemon is an UPnP IGD & PCP/NAT-PMP daemon for gateway routers. UPnP IGD & PCP/NAT-PMP are used to improve internet connectivity for devices behind a NAT router. Any peer to peer network application such as games, IM, etc. can benefit from a NAT router supporting UPnP IGD & PCP/NAT-P...

9.1CVSS5.2AI score0.00674EPSS

Exploits0

Fedora•added 2026/04/30 1:21 a.m.•10 views

[SECURITY] Fedora 43 Update: miniupnpd-2.3.10-1.fc43

9.1CVSS5.2AI score0.00674EPSS

Exploits0

Fedora•added 2026/04/30 12:54 a.m.•6 views

[SECURITY] Fedora 44 Update: miniupnpd-2.3.10-1.fc44

9.1CVSS5.2AI score0.00674EPSS

Exploits0

Amazon•added 2026/04/30 12:0 a.m.•15 views

Important: docker

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS7.8AI score0.08123EPSS

Exploits1

Amazon•added 2026/04/30 12:0 a.m.•17 views

Medium: golist

9.8CVSS5.8AI score0.00536EPSS

Exploits0

NVD•added 2026/04/29 11:16 p.m.•8 views

CVE-2026-7381

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...

9.1CVSS0.00442EPSS

Exploits0References3

OSV•added 2026/04/29 11:16 p.m.•6 views

DEBIAN-CVE-2026-7381

9.1CVSS5.6AI score0.00442EPSS

Exploits0References1

CVE•added 2026/04/29 10:13 p.m.•10 views

CVE-2026-7381

Plack::Middleware::XSendfile (Perl)

9.1CVSS5.5AI score0.00442EPSS

Exploits0References3Affected Software1

EUVD•added 2026/04/29 10:13 p.m.•3 views

EUVD-2026-26296

5.8CVSS5.3AI score0.00442EPSS

Exploits0References3

Vulnrichment•added 2026/04/29 10:13 p.m.•4 views

CVE-2026-7381 Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting

5.5AI score0.00442EPSS

Exploits0References3

ATTACKERKB•added 2026/04/29 10:13 p.m.•6 views

CVE-2026-7381

5.8CVSS5.3AI score0.00442EPSS

Exploits0References4

Debian CVE•added 2026/04/29 10:13 p.m.•5 views

CVE-2026-7381

9.1CVSS5.5AI score0.00442EPSS

Exploits0

The Hacker News•added 2026/04/29 12:2 p.m.•7 views

Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks

In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI setups to automate attacks directly into the kill chain. We aren't just talking about AI writing better phishing emails anymore. We’re talking about autonomous agents mapping...

5.8AI score

Exploits0

OSV•added 2026/04/29 11:6 a.m.•1 views

SUSE-SU-2026:1657-1 Security update for xen

This update for xen fixes the following issues: - CVE-2025-54505: floating point divider state sampling on AMD CPUs AMD-SN-7053 bsc1262428. - CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. - CVE-2026-23558: grant table v2 race in status page mapping bsc1262180...

7.8CVSS5.2AI score0.00191EPSS

Exploits0References7

SUSE Linux•added 2026/04/28 2:46 p.m.•4 views

Security update for xen

This update for xen fixes the following issues: CVE-2025-54505: floating point divider state sampling on AMD CPUs AMD-SN-7053 bsc1262428. CVE-2026-23557: Xenstored DoS via XSRESETWATCHES command bsc1262178. CVE-2026-23558: grant table v2 race in status page mapping bsc1262180. Special Instruction...

7.8CVSS5.3AI score0.00191EPSS

Exploits0References12

OSV•added 2026/04/28 2:46 p.m.•1 views

SUSE-SU-2026:1645-1 Security update for xen

7.8CVSS5.2AI score0.00191EPSS

Exploits0References7

Xen Project•added 2026/04/28 12:0 p.m.•7 views

grant table v2 race in status page mapping

ISSUE DESCRIPTION The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then b...

7.8CVSS5.3AI score0.00117EPSS

Exploits0Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by