CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2 days ago•8 views

CURL-CVE-2026-11564 Native CA trust persist

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

5.9AI score

Exploits0

AstraLinux•added 2026/06/19 11:10 a.m.•4 views

Astra Linux – Vulnerability in gst-plugins-bad1.0

GStreamer MXF File Parsing: Integer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may va...

8.8CVSS7.9AI score0.01871EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•6 views

Astra Linux – Vulnerability in Munge

MUNGE is an authentication service for creating and validating user credentials. From version 0.5 to 0.5.17, local attackers could exploit a buffer overflow vulnerability in MUNGE the authentication daemon to leak cryptographic key material from process memory. With the leaked key material,...

7.8CVSS7.7AI score0.00272EPSS

Cvelist•added 2026/06/18 5:6 p.m.•16 views

CVE-2026-48984 pam_usb: xfree() does not call explicit_bzero — sensitive cryptographic material may linger in freed heap

pamusb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, the xfree memory release helper in calls free without first zeroing the buffer contents, releasing heap-allocated buffers containing sensitive data — including one-time pad bytes read fr...

4.7CVSS0.00109EPSS

Tenable Nessus•added 2026/06/15 12:0 a.m.•9 views

Fedora 45 : perl-Crypt-DSA (2026-cf622b92d7)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-cf622b92d7 advisory. Automatic update for perl-Crypt-DSA-1.21-1.fc45. Changelog Mon Jun 15 2026 Paul Howarth - 1.21-1 - Update to 1.21 - Fixed key material reuse for multiple...

9.1CVSS5.5AI score0.00289EPSS

Vulnrichment•added 2026/06/12 9:57 p.m.•6 views

CVE-2026-53839 OpenClaw < 2026.5.7 - Hostname Prefix Matching Bypass in Trusted Retry Endpoint Validation

OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted host to send authentication material to untrusted endpoin...

6.5CVSS5.3AI score0.00265EPSS

CVE•added 2026/06/12 9:57 p.m.•15 views

CVE-2026-53839

OpenClaw before 2026.5.7 has a hostname validation flaw in the retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. This can enable an attacker to craft a hostname prefix that resembles a trusted host, potentially causing authentication material to be sent to u...

6.5CVSS5.3AI score0.00265EPSS

Exploits0References2Affected Software1

CVE•added 2026/06/11 5:4 a.m.•22 views

CVE-2026-40996

CVE-2026-40996 affects Spring Web Services where Wss4jSecurityInterceptor incorrectly defaults allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J’s safer validation behavior for RequestData. This could allow RSA PKCS#1 v1.5 (rsa-1_5) encrypted key material in inbound WS-Security dec...

4.8CVSS5.5AI score0.00129EPSS

OSSF Malicious Packages•added 2026/06/10 6:37 p.m.•11 views

Malicious code in @solana-labs/web3.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91b0523027116b3981b0f1dfe925f01d8956eb19817aae6ea7d0022d5357fba4 Package @solana-labs/web3.js impersonates the legitimate @solana/web3.js and re-exports it as cover while running a malicious postinstall node...

5.5AI score

Exploits0References6

RedhatCVE•added 2026/06/10 8:59 a.m.•10 views

CVE-2026-24349

A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 All versions, SIMATIC WinCC Unified PC Runtime V17 All versions, SIMATIC WinCC Unified PC Runtime V18 All versions, SIMATIC WinCC Unified PC Runtime V19 All versions, SIMATIC WinCC Unified PC Runtime V20 All versions,...

NVD•added 2026/06/09 10:16 a.m.•11 views

CVE-2026-24349

8.2CVSS0.00057EPSS

Vulnrichment•added 2026/06/09 8:46 a.m.•8 views

CVE-2026-24349

CVE•added 2026/06/09 8:46 a.m.•20 views

CVE-2026-24349

The CVE-2026-24349 entry affects SIMATIC WinCC Unified PC Runtime V16–V21 (all versions up to but not including V21 Update 2). The root cause is insufficient protection of key material in WinCC Certificate Manager, which could allow an attacker to extract sensitive information. All connected sour...

Exploits0References1Affected Software1

EUVD•added 2026/06/09 8:46 a.m.•9 views

EUVD-2026-35382

Cvelist•added 2026/06/09 8:46 a.m.•32 views

CVE-2026-24349

8.2CVSS0.00057EPSS