CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

53162 matches found

SUSE CVE-2026-9334

Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeysasarrayref is enabled. decodehv collapses duplicate object keys into an array reference under dupkeysasarrayref. The branch reached for a duplicate key tests SvTYPE oldvalue != SVtRV && SvTYP...

8.1CVSS5.8AI score0.00037EPSS

Exploits0References3

SUSE CVE•added 2 days ago•5 views

SUSE CVE-2026-9516

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...

7.5CVSS5.9AI score0.00038EPSS

Exploits0References3

SUSE CVE•added 2 days ago•7 views

SUSE CVE-2026-10705

A flaw has been found in dask up to 3.0. Affected by this issue is the function nuniqueapprox of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is...

3.1CVSS5.1AI score0.00046EPSS

Exploits0References3

Cvelist•added 2 days ago•23 views

CVE-2025-67447

The network diagnosis ping module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address field before passing it to the system's ping command. An attacker can inject arbitrary OS commands,...

9.8CVSS0.00287EPSS

Exploits0References2

CVE•added 2 days ago•8 views

CVE-2025-67447

The CVE concerns the ping module in Neterbit NW-431F Router (versions up to 20241014-IR03) with OS command injection via unsanitized IP address input fed to the system ping. The input validation flaw allows an attacker to inject arbitrary commands, which would run with the web server’s privileges...

9.8CVSS6AI score0.00287EPSS

Exploits0References2

ATTACKERKB•added 2 days ago•3 views

CVE-2025-67447

9.8CVSS6AI score0.00287EPSS

Exploits0References3

Vulnrichment•added 2 days ago•5 views

CVE-2025-67447

9.8CVSS6AI score0.00287EPSS

Exploits0References2

Vulnrichment•added 2 days ago•6 views

CVE-2025-67448

The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before storing and displaying them. An attacker can send an SMS containing a malicious XSS payload, which will be executed in the...

7.1CVSS5.8AI score0.00033EPSS

Exploits0References2

CVE•added 2 days ago•7 views

CVE-2025-67448

The vulnerability CVE-2025-67448 affects the SMS module of the Neterbit NW-431F Router (versions 20241014-IR03 and earlier). The issue is a stored XSS flaw where user input in SMS messages is not properly sanitized before storing and displaying. As a result, an attacker can send an SMS containing...

7.1CVSS5.8AI score0.00033EPSS

Exploits0References2

Tenable Nessus•added 2 days ago•5 views

RockyLinux 10 : httpd (RLSA-2026:21433)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21433 advisory. httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read du...

9.8CVSS6.3AI score0.00648EPSS

Exploits0References11

Positive Technologies•added 2 days ago•10 views

PT-2026-46154

Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted...

7.2CVSS5.8AI score0.00015EPSS

Exploits0References2

Tenable Nessus•added 2 days ago•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-8829

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTML::Entities versions before 3.84 for Perl read freed heap memory in decodeentities. The XS routine backing HTML::Entities::decodeentities cached a pointer re...

7.5CVSS5.7AI score0.00029EPSS

Exploits0References3

RedHat Linux•added 3 days ago•5 views

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.7AI score0.00065EPSS

Exploits0References5

Github Security Blog•added 3 days ago•5 views

browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler

Summary The HTTP handler /log in lib/server.js lines 491–515 of browserstack-runner passes unauthenticated user-supplied data to vm.runInNewContext combined with eval, enabling a sandbox escape and arbitrary code execution on the host system. Details When browserstack-runner starts, it creates an...

8.8CVSS6.5AI score0.00151EPSS

Exploits0References4Affected Software1

NVD•added 3 days ago•5 views

CVE-2026-43924

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be configured as redirect...

4.8CVSS0.00036EPSS

Exploits0References2

CVE•added 3 days ago•14 views

CVE-2026-43924

Summary: CVE-2026-43924 affects FOSSBilling prior to v0.8.0, where the Redirect module does not validate URL schemes for administrator-configured redirect targets, allowing open redirects. This can cause legitimate user traffic to be redirected to attacker-controlled sites via a 301 response (bro...

4.8CVSS5.9AI score0.00036EPSS

Exploits0References2