CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 6 days ago•9 views

CVE-2026-10611

8.2CVSS0.00073EPSS

ATTACKERKB•added 6 days ago•5 views

CVE-2026-10611

Cvelist•added 6 days ago•31 views

CVE-2026-10611 OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled

8.2CVSS0.00073EPSS

CVE•added 6 days ago•12 views

CVE-2026-10611

CVE-2026-10611 affects MISP when LDAP mixed authentication is enabled (LdapAuth.mixedAuth=true) and OTP enforcement (Security.require_otp=true). The vulnerability arises because a user authenticated via a plugin (e.g., LDAP) can have a session established during the application beforeFilter phase...

Vulnrichment•added 6 days ago•6 views

CVE-2026-10611 OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled

EUVD•added 6 days ago•8 views

EUVD-2026-33917

CVE•added 2026/05/28 3:9 p.m.•27 views

CVE-2026-48526

PyJWT (Python) prior to 2.13.0 did not validate the use of JSON Web Keys in HMAC verification, allowing an attacker to use the issuer public key as the HMAC secret during token verification. This could enable forging tokens when mixing RS/EC/JWK and HS algorithms. The issue is fixed in PyJWT 2.13...

7.4CVSS5.8AI score0.00017EPSS

Exploits1References1Affected Software1

OSV•added 2026/05/26 7:31 p.m.•9 views

JLSEC-2026-534

jp2/opjdecompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opjimagedestroy twice...

6.5CVSS6.9AI score0.00718EPSS

Exploits0References14

Positive Technologies•added 2026/05/26 12:0 a.m.•3 views

PT-2026-47099

jp2/opj decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj image destroy twice...

5.5AI score

Exploits0References8

EUVD•added 2026/05/21 8:14 a.m.•5 views

EUVD-2026-31247

Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect error-handling paths...

3.7CVSS5.8AI score0.00135EPSS

SUSE CVE•added 2026/05/21 3:0 a.m.•11 views

SUSE CVE-2021-41190

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents...

5CVSS6.5AI score0.00383EPSS

Exploits0References35

AstraLinux•added 2026/05/20 5:53 a.m.•7 views

Astra Linux - уязвимость в curl

This flaw allows a malicious HTTP server to set “super cookies” using curl, which are then transmitted back to multiple origins beyond what is allowed or possible. This enables a site to set cookies that are then sent to different and unrelated sites and domains. The attack can occur by exploitin...

6.5CVSS6.4AI score0.00219EPSS

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в apache2

A properly crafted URI sent to httpd, configured as a forward proxy with ProxyRequests enabled, can cause a crash NULL pointer dereference. In configurations that mix forward and reverse proxy declarations, it can also allow requests to be directed to a declared Unix Domain Socket endpoint...

8.2CVSS7.1AI score0.0925EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в chromium

Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass the mixed content policy through a crafted HTML page. Chromium security severity: Low...

9.8CVSS6.6AI score0.0035EPSS

Exploits1References2

5.9CVSS6.8AI score0.00111EPSS

Astra Linux - уязвимость в libxml2

A vulnerability was discovered in libxml2 in versions prior to 2.9.11. This vulnerability allows errors to go unnoticed during the parsing of XML mixed content, resulting in a NULL dereference. If an untrusted XML document is parsed in recovery mode and after post-validation, this flaw could be...

7.1CVSS5.7AI score0.00017EPSS

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/fdinfo: Fixed an issue where OOB reading occurred during the wrap check of SQEMIXED. The function iouringshowfdinfo iterates over pending SQEs. For 128-byte SQEs within an IORINGSETUPSQEMIXED ring, it needs to detect when...

6.5CVSS6.9AI score0.00718EPSS

Astra Linux - уязвимость в openjpeg2

In OpenJPEG version 2.3.1, the jp2/opjdecompress.c file contains a use-after-free issue. This issue can occur if there is a mix of valid and invalid files in a directory that is processed by the decompressor. It is also possible for a double free to occur. This issue is related to calling...

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Calls boot services in mixed mode on the firmware’s stack Normally, the EFI stub calls into EFI boot services using the stack that was active when the stub was invoked. According to the UEFI specification, this stack...

5.5CVSS6AI score0.00011EPSS

5.5CVSS6.2AI score0.00063EPSS

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net: gso: Fixed a panic that occurred when using a fraglist with mixed head allocation types. Since the commit 3dcbdb134f32 “net: gso: Fixed an error in skbsegment when splitting a gsosize mangled skb having linear-headed...