CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/04 5:16 p.m.•9 views

CVE-2026-46739

Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. The updatestats used for updating counters and gauge methods do not check that values...

5.3CVSS0.00258EPSS

Exploits0References3

RedhatCVE•added 2026/06/04 4:1 p.m.•10 views

CVE-2026-43515

In Apache Tomcat, when multiple security constraints defined an HTTP method constraint for the same extension pattern, only the first method constraint was applied. A remote attacker could exploit this to bypass intended security restrictions for information or actions within the application...

9.1CVSS8.2AI score0.00844EPSS

Exploits1References4

EUVD•added 2026/06/04 3:45 p.m.•8 views

EUVD-2026-34295

8.2CVSS5.8AI score0.00344EPSS

Exploits0References3

CVE•added 2026/06/04 3:45 p.m.•14 views

CVE-2026-46739

Net::Statsd for Perl with versions prior to 0.13 is vulnerable to metric injections. The flaw arises because metric names aren’t checked for newlines, colons, or pipes, allowing untrusted-sourced metrics to inject additional statsd metrics. Additionally, update_stats and gauge do not validate tha...

5.3CVSS5.8AI score0.00258EPSS

Exploits0References3Affected Software1

OSV•added 2026/06/04 1:15 p.m.•8 views

USN-8383-1 tomcat6, tomcat7 vulnerabilities

It was discovered that Tomcat incorrectly handled digest authentication. A remote attacker could possibly use this issue to bypass authentication restrictions. CVE-2026-43512 It was discovered that Tomcat incorrectly handled case sensitivity in LockOutRealm. A remote attacker could possibly use...

9.8CVSS5.9AI score0.00869EPSS

Exploits2References4

Ubuntu•added 2026/06/04 1:15 p.m.•8 views

USN-8383-1: Tomcat vulnerabilities

9.8CVSS7.6AI score0.00869EPSS

Exploits2

NVD•added 2026/06/03 1:16 p.m.•15 views

CVE-2026-35081

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...

8.1CVSS0.0037EPSS

ATTACKERKB•added 2026/06/03 10:40 a.m.•8 views

CVE-2026-35081

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...

EUVD•added 2026/06/03 10:40 a.m.•9 views

EUVD-2026-34077

The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...

ATTACKERKB•added 2026/06/03 10:40 a.m.•7 views

CVE-2026-35080

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

EUVD•added 2026/06/03 10:40 a.m.•8 views

EUVD-2026-34076

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

CVE•added 2026/06/03 10:39 a.m.•11 views

CVE-2026-35079

The CVE-2026-35079 entry describes an issue in the ugw-restore method where a remote attacker with user privileges can delete arbitrary local files due to insufficient validation of user-controlled input. The vulnerability is assessed with high severity (CVSS 4.0: base 7.2; CVSS 3.1: base 8.1), r...

Exploits0References1Affected Software1

EUVD•added 2026/06/03 10:39 a.m.•10 views

EUVD-2026-34075

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

Vulnrichment•added 2026/06/03 10:39 a.m.•7 views

CVE-2026-35079 Arbitrary file delete vulnerability in method ugw-restore

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

Vulnrichment•added 2026/06/03 10:39 a.m.•7 views

CVE-2026-35078 Arbitrary file delete vulnerability in method ugw-logstop

The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

Packet Storm News•added 2026/06/03 12:0 a.m.•9 views

Description-Code Inconsistency in Real-World MCP Servers: Measurement, Detection, and Security Implications

The Model Context Protocol MCP has emerged as a critical standard empowering Large Language Models LLMs to utilize external tools. In this ecosystem, LLMs rely on natural language descriptions provided by MCP servers to select and execute functions. This interaction implicitly assumes that tool...

6AI score

Exploits0

Positive Technologies•added 2026/06/03 12:0 a.m.•9 views

PT-2026-45921

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

Positive Technologies•added 2026/06/03 12:0 a.m.•9 views

PT-2026-45920

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...