
113 matches found

Cvelist
added 6 days ago | 21 views

CVE-2026-50643 Out‑of‑Bounds Read in 8cc

8cc is vulnerable to an Out‑of‑Bounds Read due to improper handling of line directives and GNU linemarkers. The compiler accepts attacker-controlled filename and line number metadata and later uses it without validation when accessing source line arrays. By supplying invalid or oversized line...

CVSS 5.1 | EPSS 0.00138
Exploits: 0 | References: 2

Packet Storm News
added 2026/06/09 12:0 a.m. | 7 views

TIFF/DNG Metadata Scanner for Structural Validation and Suspicious Tag Detection

This C program implements a lightweight metadata scanner for TIFF-based DNG files that performs basic structural validation and heuristic analysis of Image File Directory (IFD) entries. The tool reads TIFF headers, enumerates metadata tags, and evaluates entries against simple consistency rules to...

AI score 5.5
Exploits: 0

CNNVD
added 2026/05/20 12:0 a.m. | 6 views

MongoDB C Driver Security Vulnerability

The MongoDB C Driver is an open-source client driver library for connecting to and operating MongoDB databases in C-language programs. There is a security vulnerability in the MongoDB C Driver, which stems from the lack of proper validation of file metadata by the traditional GridFS API. This...

CVSS 6 | AI score 5.8 | EPSS 0.00281
Exploits: 0 | References: 1

CVE
added 2026/04/24 7:41 p.m. | 12 views

CVE-2026-6967

Affected software: awslabs/tough (before tough-v0.22.0) with delegated metadata validation. Root cause: missing expiration, hash, and length enforcement in delegated metadata validation causing load_delegations to bypass TUF integrity checks for delegated targets metadata. Impact: remote authenti...

CVSS 7.1 | AI score 5.3 | EPSS 0.00246
Exploits: 0 | References: 6 | Affected Software: 2

ATTACKERKB
added 2026/04/01 5:30 p.m. | 1 view

CVE-2026-34445

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr function to load metadata like file paths or data lengths directly from an ONNX model file. It didn’t check if the...

CVSS 8.6 | AI score 5.7 | EPSS 0.00288
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2026/03/23 12:0 a.m. | 6 views

Droplet Agent Security Vulnerability

Droplet Agent is an open-source tool developed by DigitalOcean for managing and monitoring DigitalOcean Droplets. Versions of Droplet Agent prior to 1.3.2 contain security vulnerabilities. These vulnerabilities stem from the fault diagnosis executor component failing to properly validate inputs...

CVSS 8.8 | AI score 6.6 | EPSS 0.02502
Exploits: 2 | References: 4

RedhatCVE
added 2026/02/05 7:23 p.m. | 3 views

CVE-2026-25055

n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata, the vulnerability can lead to files being written to unintended locations on those...

CVSS 8.1 | AI score 6.4 | EPSS 0.01713
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/04 4:47 p.m. | 5 views

CVE-2026-25055

n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata, the vulnerability can lead to files being written to unintended locations on those...

CVSS 7.1 | AI score 6.4 | EPSS 0.01713
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/01/27 6:15 p.m. | 2 views

DEBIAN-CVE-2025-14911

User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container...

CVSS 7.1 | AI score 5.3 | EPSS 0.00275
Exploits: 0 | References: 1

EUVD
added 2026/01/27 5:29 p.m. | 4 views

EUVD-2025-206387

User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container...

CVSS 7.1 | AI score 5.9 | EPSS 0.00275
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/27 5:29 p.m. | 5 views

CVE-2025-14911 Integer Overflow in GridFS chunkSize Leading to Heap Allocation Failure

User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container...

CVSS 7.1 | AI score 5.9 | EPSS 0.00275
Exploits: 0 | References: 1

Snyk
added 2026/01/27 5:29 p.m. | 3 views

Buffer Overflow

Overview: Affected versions of this package are vulnerable to Buffer Overflow via the chunkSize metadata field in GridFS, which lacks proper validation. An attacker can cause the bounding container to overflow by supplying malformed metadata, resulting in a denial of service. Remediation: Upgrade...

CVSS 7.1 | AI score 5.9 | EPSS 0.00275
Exploits: 0 | References: 2

Tenable Nessus
added 2025/11/05 12:0 a.m. | 1 view

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990038)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990038 advisory. In the Linux kernel, the following vulnerability has been resolved: md/raid5: avoid BUGON while continue reshape after reassembling Currently, mdadm support...

CVSS 5.5 | AI score 6.1 | EPSS 0.00226
Exploits: 0 | References: 3

Veracode
added 2025/10/08 6:4 p.m. | 5 views

Arbitrary File Upload

com.vaadin:vaadin-server is vulnerable to an Arbitrary File Upload. The vulnerability is due to insufficient validation of metadata in the start listener of incoming uploads, which allows an attacker to bypass upload validation and potentially upload unauthorized or malicious files...

CVSS 5.3 | AI score 6.8 | EPSS 0.00361
Exploits: 0 | References: 6 | Affected Software: 3

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-1579

Malware in sbrugna...

CVSS 8.6 | AI score 8.5 | EPSS 0.01357
Exploits: 0 | References: 8

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2014-4345

Malware in sbrugna...

CVSS 9.3 | AI score 7.6 | EPSS 0.01656
Exploits: 0 | References: 11

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2017-1411

Malware in sbrugna...

CVSS 5.3 | AI score 5.3 | EPSS 0.01082
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2014-4315

Malware in sbrugna...

CVSS 9.3 | AI score 7.6 | EPSS 0.0167
Exploits: 0 | References: 12

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-31961

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.8 | EPSS 0.00554
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-26701

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.3 | EPSS 0.00361
Exploits: 0 | References: 1