CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11605 matches found

OSV•added 2026/03/25 9:13 p.m.•3 views

GHSA-3V7F-55P6-F55P Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching

Impact picomatch is vulnerable to a method injection vulnerability CWE-1321 affecting the POSIXREGEXSOURCE object. Because the object inherits from Object.prototype, specially crafted POSIX bracket expressions e.g., :constructor: can reference inherited method names. These methods are implicitly...

5.3CVSS6.1AI score0.0041EPSS

Exploits0References4

Github Security Blog•added 2026/03/25 9:13 p.m.•18 views

Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching

5.3CVSS6.1AI score0.0041EPSS

Exploits0References4Affected Software1

UbuntuCve•added 2026/03/25 7:16 p.m.•1 views

CVE-2025-70952

pf4j before 20c2f80 has a path traversal vulnerability in the extract function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation...

7.5CVSS5.9AI score0.00856EPSS

Exploits1References5

NVD•added 2026/03/25 6:16 p.m.•3 views

CVE-2025-67030

Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code...

8.8CVSS0.00664EPSS

Exploits0References5

OSV•added 2026/03/25 6:16 p.m.•1 views

DEBIAN-CVE-2025-67030

8.8CVSS5.9AI score0.00664EPSS

Exploits0References1

UbuntuCve•added 2026/03/25 6:16 p.m.•1 views

CVE-2025-67030

8.8CVSS6AI score0.00664EPSS

Exploits0References6

OSV•added 2026/03/25 6:16 p.m.•3 views

UBUNTU-CVE-2025-67030

8.8CVSS6.2AI score0.00664EPSS

Exploits0References7

SUSE Linux•added 2026/03/25 12:43 p.m.•4 views

Security update for systemd

This update for systemd fixes the following issues: CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method bsc1259650. CVE-2026-29111: local unprivileged user can trigger an assert in systemd bsc1259418. udev: check for invalid chars in various fields...

7.8CVSS5.8AI score0.00142EPSS

Exploits0References10

SUSE Linux•added 2026/03/25 9:38 a.m.•4 views

Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method bsc1238879 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

6.5CVSS5.8AI score0.00465EPSS

Exploits0References4

Veracode•added 2026/03/25 9:30 a.m.•4 views

Exposed Dangerous Method Or Function

MCP Gateway is vulnerable to Exposed Dangerous Method or Function. The vulnerability is due to lack of protection in SSE or streaming transport modes, which allows an attacker to exploit browser-based requests via a malicious website to interact with internal MCP servers...

9.6CVSS5.8AI score0.00374EPSS

Exploits0References6Affected Software1

Positive Technologies•added 2026/03/25 12:0 a.m.•8 views

PT-2026-28173

Name of the Vulnerable Software and Affected Versions Picomatch versions prior to 4.0.4 Picomatch versions prior to 3.0.2 Picomatch versions prior to 2.3.2 Description Picomatch, a JavaScript glob matcher, contains a flaw where specially crafted POSIX bracket expressions, such as :constructor:, c...

5.3CVSS6.1AI score0.0041EPSS

Exploits0References15

Positive Technologies•added 2026/03/25 12:0 a.m.•7 views

PT-2026-28076

Name of the Vulnerable Software and Affected Versions plexus-utils versions prior to 6d780b3378829318ba5c2d29547e0012d5b29642 Description A directory traversal issue exists in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils. This allows an attacker to execute arbitrary...

8.8CVSS6.1AI score0.0111EPSS

Exploits0References85

RedhatCVE•added 2026/03/24 8:51 p.m.•3 views

CVE-2026-27654

A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...

8.8CVSS5.7AI score0.07865EPSS

Exploits0References4

Snyk•added 2026/03/24 7:33 p.m.•2 views

Use of GET Request Method With Sensitive Query Strings

Overview Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings in the token URL query parameter, which is accepted by the authentication process. An attacker can obtain sensitive API credentials by accessing logs, browser history, clipboard...

5.3CVSS5.9AI score0.00273EPSS

Exploits1References2

NVD•added 2026/03/24 7:16 p.m.•6 views

CVE-2026-33768

Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and xastropath query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel...

9.1CVSS0.00331EPSS

Exploits1References4

NVD•added 2026/03/24 6:16 p.m.•2 views

CVE-2026-33400

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, a stored cross-site scripting XSS vulnerability in the payment method rename endpoint allows any authenticated user to inject arbitrary JavaScript that executes when any user visits the Settings,...

5.4CVSS0.00193EPSS

Exploits1References2