CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/25 12:0 a.m.•11 views

Dromara Lamp-Cloud 安全漏洞

Dromara Lamp-Cloud is dromara open source based on Jdk11 SpringCloud SpringBoot development of microservices in the backend rapid development platform . Dromara lamp-cloud 5.6.2 and earlier versions of a security vulnerability , the vulnerability stems from the Message Template Handler component ...

6.5CVSS6.6AI score0.00295EPSS

Positive Technologies•added 2026/05/25 12:0 a.m.•10 views

PT-2026-43117

A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...

6.5CVSS6.2AI score0.00295EPSS

Exploits0References4

NVD•added 2026/05/24 4:16 a.m.•7 views

CVE-2026-48829

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

7.5CVSS0.00473EPSS

Cvelist•added 2026/05/24 4:15 a.m.•16 views

CVE-2026-9354 NousResearch hermes-agent Slack Agent/Mattermost Agent escape output

A vulnerability was detected in NousResearch hermes-agent up to 2026.4.16. The affected element is an unknown function of the component Slack Agent/Mattermost Agent. The manipulation of the argument formatmessage results in escaping of output. The attack can be executed remotely. The exploit is n...

6.9CVSS0.00429EPSS

Exploits0References4

ATTACKERKB•added 2026/05/24 4:15 a.m.•11 views

CVE-2026-9354

6.9CVSS6.3AI score0.00429EPSS

Exploits0References4Affected Software1

CNNVD•added 2026/05/24 12:0 a.m.•6 views

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.16 contained a security vulnerability. This vulnerability stemmed from unknown functions in the Slack Agent/Mattermost Agent components, which manipulated the...

6.9CVSS6.6AI score0.00429EPSS

Snyk•added 2026/05/23 3:46 p.m.•11 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow via the NGReset Message Handler process. An attacker can cause memory corruption and potentially impact confidentiality, integrity, and availability by sending specially crafted messages remotely. Remediation Upgrade...

Snyk•added 2026/05/23 3:46 p.m.•6 views

Buffer Overflow

Snyk•added 2026/05/23 3:46 p.m.•6 views

Buffer Overflow

Snyk•added 2026/05/23 3:46 p.m.•9 views

Buffer Overflow

NVD•added 2026/05/23 2:16 p.m.•14 views

CVE-2026-9301

A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be use...

6.5CVSS0.00296EPSS

CVE•added 2026/05/23 1:0 p.m.•17 views

CVE-2026-9301

The CVE concerns omec-project amf up to version 2.1.1, affecting the NGReset Message Handler. According to the description in the CVE entry and related records, manipulating the NGReset Message Handler can cause memory corruption, and the issue is exploitable remotely. The exploit is reported as ...

6.5CVSS6.1AI score0.00296EPSS

Cvelist•added 2026/05/23 1:0 p.m.•11 views

CVE-2026-9301 omec-project amf NGReset Message memory corruption

6.5CVSS0.00296EPSS

Vulnrichment•added 2026/05/23 1:0 p.m.•7 views

CVE-2026-9301 omec-project amf NGReset Message memory corruption

6.5CVSS6AI score0.00296EPSS

OSV•added 2026/05/23 11:2 a.m.•4 views

CLSA-2026-1779534149 unbound: Fix of CVE-2026-33278

CVE-2026-33278: use-after-free in DNSSEC validator dnsmsgdeepcopyregion during NSEC3 sub-query suspend/resume; buggy struct-assignment overwrote the destination's freshly-allocated rrsets pointer with the source's pointer, leaving a dangling pointer dereferenced after the source region was freed...

10CVSS6.4AI score0.00888EPSS

Exploits0References1

Vulnrichment•added 2026/05/23 11:0 a.m.•6 views

CVE-2026-9299 omec-project amf handler.go PDUSessionResourceModifyIndication memory corruption

A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memory corruption. Remote exploitation of the attack is possible. The exploit has been published and m...

6.5CVSS6.1AI score0.00296EPSS

OSV•added 2026/05/23 10:58 a.m.•4 views

CLSA-2026-1779533909 unbound: Fix of 3 CVEs

CVE-2026-33278: dangling pointer dereference in dnsmsgdeepcopyregion during DS sub-query suspend/resume; the previously-backported CVE-2023-50387-CVE-2023-50868.patch dragged the vulnerable 'res-rep = origin-rep;' struct-assignment into our 1.16.2 tree. Save the destination rrsets pointer,...

10CVSS7AI score0.99995EPSS

Exploits1References1

CNNVD•added 2026/05/23 12:0 a.m.•8 views

amf 缓冲区错误漏洞

AMF is an open-source library under Apache License, developed by Free5GC. Versions of AMF prior to 2.1.1 contain a buffer error vulnerability. This vulnerability stems from unknown code in the NGReset Message Handler component, which may lead to memory corruption...

6.5CVSS6.8AI score0.00296EPSS

Positive Technologies•added 2026/05/23 12:0 a.m.•15 views

PT-2026-42880

6.5CVSS6.1AI score0.00296EPSS