CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

54602 matches found

RedhatCVE•added 2026/05/07 8:21 p.m.•5 views

CVE-2026-40076

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST /openmrs/ws/rest/v1/module is vulnerable to a Zip Slip path traversal attack. During automatic extraction of uploaded .omod...

9.4CVSS6.5AI score0.00853EPSS

Exploits1References1

RedhatCVE•added 2026/05/07 8:21 p.m.•6 views

CVE-2026-30815

An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow modificatio...

8.5CVSS7.4AI score0.0116EPSS

Exploits0References1

RedhatCVE•added 2026/05/07 8:21 p.m.•6 views

CVE-2026-30814

A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow...

8CVSS6.5AI score0.00418EPSS

Exploits0References1

NVD•added 2026/05/07 8:16 p.m.•11 views

CVE-2026-42501

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy GOMODPROXY or checksum database GOSUMDB. A malicious module proxy can serve altered versions o...

7.5CVSS0.00231EPSS

Exploits0References4

OSV•added 2026/05/07 8:16 p.m.•6 views

DEBIAN-CVE-2026-42501

7.5CVSS5.8AI score0.00231EPSS

Exploits0References1

UbuntuCve•added 2026/05/07 8:16 p.m.•5 views

CVE-2026-42501

7.5CVSS5.8AI score0.00231EPSS

Exploits0References7

OSV•added 2026/05/07 8:16 p.m.•2 views

UBUNTU-CVE-2026-42501

7.5CVSS5.8AI score0.00231EPSS

Exploits0References8

OSSF Malicious Packages•added 2026/05/07 8:7 p.m.•8 views

Malicious code in pycacheopt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cf50eae305079227b5283e08547cc201f941624c95e49460c3e6544cdd1e221b The extension module hides code that in specific circumstances executes given code. The malicious action is hidden only in the extension module with the...

5.9AI score

Exploits0References2

OSV•added 2026/05/07 8:7 p.m.•5 views

MAL-2026-3371 Malicious code in pycacheopt (PyPI)

5.9AI score

Exploits0References2

ATTACKERKB•added 2026/05/07 7:41 p.m.•9 views

CVE-2026-42501

5.8AI score0.00231EPSS

Exploits0References5Affected Software1

Vulnrichment•added 2026/05/07 7:41 p.m.•8 views

CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go

5.8AI score0.00231EPSS

Exploits0References4

AlpineLinux•added 2026/05/07 7:41 p.m.•8 views

CVE-2026-42501

7.5CVSS5.8AI score0.00231EPSS

Exploits0

CVE•added 2026/05/07 7:41 p.m.•24 views

CVE-2026-42501

CVE-2026-42501 affects the Go toolchain download path via untrusted module proxies (GOMODPROXY) or checksum databases (GOSUMDB). The flaw allows a malicious module proxy to bypass checksum database validation when the Go toolchain is downloaded/selected (via GOTOOLCHAIN, go.work, or go.mod toolch...

7.5CVSS5.8AI score0.00231EPSS

Exploits0References4Affected Software1

Debian CVE•added 2026/05/07 7:41 p.m.•7 views

CVE-2026-42501

7.5CVSS5.8AI score0.00231EPSS

Exploits0

OSV•added 2026/05/07 7:37 p.m.•5 views

GHSA-R736-2678-FCRX FacturaScripts vulnerable to stored XSS via product reference in sales/purchases

Summary A stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales and purchases documents. An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other use...

5.4CVSS6.1AI score0.00165EPSS

Exploits0References3

OSV•added 2026/05/07 7:33 p.m.•6 views

GHSA-Q7F2-RV22-2XGR FacturaScripts Vulnerable to Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download

Summary Fectura Scripts is an open-source ERP application, a sensitive information disclosure vulnerability was identified in the Library module's image upload and download pipeline. The application fails to strip EXIF and other embedded metadata from user-uploaded image files before storing them...

6.5CVSS5.8AI score0.00227EPSS

Exploits0References4

Github Security Blog•added 2026/05/07 7:33 p.m.•7 views

FacturaScripts Vulnerable to Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download

6.5CVSS7.1AI score0.00227EPSS

Exploits0References4Affected Software1

Snyk•added 2026/05/07 7:21 p.m.•6 views

Resources Downloaded over Insecure Protocol

Overview Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol. Go Vulnerability Report: A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any...

7.5CVSS5.8AI score0.00231EPSS

Exploits0References3

OSV•added 2026/05/07 7:21 p.m.•7 views

GO-2026-4984 Malicious module proxy can bypass checksum database in cmd/go

7.5CVSS5.8AI score0.00231EPSS

Exploits0References3

RedHat Linux•added 2026/05/07 7:8 p.m.•5 views

NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file

A flaw was found in NGINX Open Source, specifically within the ngxhttpmp4module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...

8.5CVSS5.8AI score0.00285EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by