CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

66 matches found

CVE-2026-37235

FlexRIC v2.0.0 trusts the xappid field from E42 message payloads without binding it to the sender's SCTP association. The validation function validxappid only checks that the value is within the assigned range. A remote unauthenticated attacker can impersonate any xApp by specifying their xappid ...

7.5CVSS5.8AI score0.00062EPSS

Exploits1References1

Positive Technologies•added 3 days ago•6 views

PT-2026-45513

FlexRIC v2.0.0 trusts the xapp id field from E42 message payloads without binding it to the sender's SCTP association. The validation function valid xapp id only checks that the value is within the assigned range. A remote unauthenticated attacker can impersonate any xApp by specifying their xapp...

5.8AI score0.00062EPSS

Exploits1References3

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable – incorrect pppoe tuple PPPoE traffic that reaches the ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in th...

5.5CVSS6.2AI score0.00021EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в php7.3

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21, and 8.0.x below 8.0.8, when using URL validation functionality via the filterVar function with the FILTERVALIDATEURL parameter, a URL with an invalid password field can be accepted as valid. This can cause the code to incorrectly parse the U...

5.3CVSS6.8AI score0.00294EPSS

Exploits1References2

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в haproxy

Before version 2.8.2, HAProxy allowed to be part of the URI component. This could allow remote attackers to obtain sensitive information or cause unspecified other issues due to misinterpretation of the pathend rule, such as routing index.html.png to a static server...

8.2CVSS6.8AI score0.00027EPSS

Exploits0References2

Positive Technologies•added 2026/04/21 12:0 a.m.•2 views

PT-2026-33976

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end...

3.7CVSS5.8AI score0.00041EPSS

Exploits0References2

OSV•added 2026/04/07 3:30 p.m.•1 views

GHSA-5QCV-4RPC-JP93 Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition

A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch’s ByteBuffer is...

8.7CVSS5.9AI score0.00025EPSS

Exploits0References11

Vulnrichment•added 2026/04/07 1:7 p.m.•0 views

CVE-2026-35554 Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition

6.1AI score0.00025EPSS

Exploits0References2

Cvelist•added 2026/04/07 1:7 p.m.•12 views

CVE-2026-35554 Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition

0.00025EPSS

Exploits0References2

Cvelist•added 2026/03/20 10:56 p.m.•20 views

CVE-2026-31903 IGL-Technologies eParking.fi Improper Restriction of Excessive Authentication Attempts

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

8.7CVSS0.00031EPSS

Exploits0References2

ATTACKERKB•added 2026/03/20 10:45 p.m.•2 views

CVE-2026-31904

8.7CVSS5.8AI score0.00098EPSS

Exploits0References4

NVD•added 2026/03/20 9:16 a.m.•3 views

CVE-2026-33192

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...

8.7CVSS0.00015EPSS

Exploits1References3

CNVD•added 2026/03/12 12:0 a.m.•1 views

OpenClaw has an unspecified vulnerability (CNVD-2026-13596)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from a Webhook routing issue in the Google Chat monitor component, which can be exploited by an attacker to cause cross-account policy context misrouting that bypass...

8.2CVSS5.8AI score0.00042EPSS

Exploits0References1

RedhatCVE•added 2026/03/07 1:44 a.m.•1 views

CVE-2026-28469

OpenClaw versions prior to 2026.2.14 contain a webhook routing vulnerability in the Google Chat monitor component that allows cross-account policy context misrouting when multiple webhook targets share the same HTTP path. Attackers can exploit first-match request verification semantics to process...

8.2CVSS5.8AI score0.00042EPSS

Exploits0References1