CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/04/17 12:59 p.m.•4 views

OESA-2026-1912 systemd security update

6.7CVSS6AI score0.00142EPSS

Snyk•added 2026/04/16 9:9 p.m.•1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper access control in the unaccess process. An attacker can cause disruption of all public shares routed through a global frontend by sending a DELETE request to the affected API endpoint with knowled...

6CVSS5.7AI score0.00286EPSS

Exploits0References3

Snyk•added 2026/04/16 6:31 p.m.•4 views

Incorrect Authorization

Overview silverstripe/assets is an asset module required component of SilverStripe Framework. Affected versions of this package are vulnerable to Incorrect Authorization via the DBFile::getURL process. An attacker can gain unauthorized access to protected files by exploiting the way access grants...

6.9CVSS5.6AI score0.00398EPSS

GithubExploit•added 2026/04/16 5:19 a.m.•84 views

TRACE

No d...

5.8AI score

Exploits0

Tenable Nessus•added 2026/04/16 12:0 a.m.•2 views

nginx 0.5.13 < 1.28.3 / 1.29.x < 1.29.7 Buffer Overflow in ngx_http_dav_module

The installed version of nginx is 0.5.13 prior to 1.28.3, or 1.29.x prior to 1.29.7. It is, therefore, affected by the following issue : - NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX...

8.8CVSS6.1AI score0.07865EPSS

Exploits0References3

NVD•added 2026/04/15 11:16 a.m.•35 views

CVE-2026-28741

Mattermost versions 10.11.x = 10.11.12, 11.5.x = 11.5.0, 11.4.x = 11.4.2, 11.3.x = 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's authentication method via a CSRF attack by tricking a user into visiting a malicious page. Mattermost...

8.1CVSS0.00129EPSS

Exploits0References1

Cvelist•added 2026/04/15 10:13 a.m.•26 views

CVE-2026-28741 CSRF Protection Bypass Allows Updating a User's Authentication Method

6.8CVSS0.00129EPSS

Exploits0References1

ATTACKERKB•added 2026/04/15 10:13 a.m.•6 views

CVE-2026-28741

6.8CVSS5.8AI score0.00129EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/04/15 10:13 a.m.•2 views

CVE-2026-28741 CSRF Protection Bypass Allows Updating a User's Authentication Method

6.8CVSS5.8AI score0.00129EPSS

Exploits0References1

CVE•added 2026/04/15 10:13 a.m.•19 views

CVE-2026-28741

Mattermost CVE-2026-28741 concerns CSRF token validation bypass on an authentication endpoint, enabling an attacker to update a user’s authentication method via a CSRF attack when a user visits a malicious page. Affected versions are Mattermost 10.11.x ≤ 10.11.12, 11.5.x ≤ 11.5.0, 11.4.x ≤ 11.4.2...

8.1CVSS5.8AI score0.00129EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/04/15 12:0 a.m.•6 views

PT-2026-33037

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.0 through 10.11.12 Mattermost version 11.5.0 Mattermost versions 11.4.0 through 11.4.2 Mattermost versions 11.3.0 through 11.3.2 Description An authentication endpoint fails to validate CSRF tokens. This allows an...

6.8CVSS5.8AI score0.00129EPSS

Exploits0References5

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

Snyk•added 2026/04/14 11:32 p.m.•10 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

Heap-based Buffer Overflow

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Heap-based Buffer Overflow

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Snyk•added 2026/04/14 11:32 p.m.•4 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

Snyk•added 2026/04/14 11:32 p.m.•3 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Snyk•added 2026/04/14 11:32 p.m.•1 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...