CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3895 matches found

CVE-2026-8936

Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0...

8.2CVSS6.5AI score0.00014EPSS

Exploits0References1

OSV•added 14 hours ago•4 views

BIT-AIRFLOW-2026-42360 Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

6.5CVSS5.4AI score0.00047EPSS

Exploits0References3

OSV•added 14 hours ago•4 views

BIT-AIRFLOW-2026-42358 Apache Airflow: Variable masker depth-limit bypass returns cleartext nested secrets

A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...

6.5CVSS5.4AI score0.00047EPSS

Exploits0References3

Nuclei•added 17 hours ago•8 views

Mongoose - NoSQL Injection

NoSQL injection vulnerability in Mongoose 8.9.5 affecting the populate function's match option. This vulnerability exists due to an incomplete fix for CVE-2024-53900. While direct $where injection is blocked, attackers can bypass this protection by nesting $where operators within logical operator...

9.8CVSS8.4AI score0.55322EPSS

Exploits3References4

RedHat Linux•added yesterday•4 views

pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. Thi...

7.5CVSS7AI score0.00027EPSS

Exploits1References6

RedHat Linux•added 2 days ago•5 views

pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

7.5CVSS6.6AI score0.00027EPSS

Exploits1References6

RedHat Linux•added 2 days ago•8 views

pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

7.5CVSS6.6AI score0.00027EPSS

Exploits1References6

CVE•added 2 days ago•17 views

CVE-2026-5241

Technical details (affected products, versions, fixes, or exploit specifics) are not publicly available in the provided connected documents. Monitor for updates from vendors and security advisories.

9.6CVSS7.9AI score0.0007EPSS

Exploits1References2Affected Software1

EUVD•added 2 days ago•7 views

EUVD-2026-34033

8.2CVSS5.7AI score0.00014EPSS

Exploits0References2

ATTACKERKB•added 3 days ago•5 views

CVE-2026-8936

8.2CVSS5.7AI score0.00014EPSS

Exploits0References2Affected Software1

Cvelist•added 3 days ago•23 views

CVE-2026-8936 Unbounded recursion in grpcfuse kernel module allows container to crash Docker Desktop VM

8.2CVSS0.00014EPSS

Exploits0References1

CVE•added 3 days ago•26 views

CVE-2026-8936

CVE-2026-8936 describes an unbounded recursion in the grpcfuse kernel module that can cause a VM panic in the Docker Desktop VM when a container creates deeply nested directories on a bind-mounted host folder, triggering a dentry invalidation event. The issue has been fixed in Docker Desktop 4.76...

8.2CVSS5.7AI score0.00014EPSS

Exploits0References1

RedHat Linux•added 3 days ago•6 views

axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data

A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the toFormData function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js...

7.5CVSS5.8AI score0.00023EPSS

Exploits1References5

Positive Technologies•added 3 days ago•6 views

PT-2026-45868

Name of the Vulnerable Software and Affected Versions Docker Desktop versions prior to 4.76.0 Description A VM panic occurs due to unbounded recursion within the grpcfuse kernel module. This happens when a container creates deeply nested directories on a bind-mounted host folder and triggers a...

8.2CVSS5.8AI score0.00014EPSS

Exploits0References3

EUVD•added 4 days ago•7 views

EUVD-2026-33723

parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A single FormData field whose name begins with...

8.2CVSS5.8AI score0.00045EPSS

Exploits0References3

OSV•added 4 days ago•2 views

PYSEC-2026-172

6.5CVSS5.8AI score0.00047EPSS

Exploits0References2

PyPA•added 4 days ago•6 views

PYSEC-2026-172

7.5CVSS5.8AI score0.00047EPSS

Exploits0References2Affected Software1

NVD•added 4 days ago•10 views

CVE-2026-42360

6.5CVSS0.00047EPSS

Exploits0References2

PyPA•added 4 days ago•4 views

PYSEC-0000-CVE-2026-42360

6.5CVSS5.8AI score0.00047EPSS

Exploits0References2Affected Software1

Snyk•added 4 days ago•5 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the handling of rendered template fields when the length exceeds the configured maximum, causing nested sensitive keys within JSON structures to be stringified before redaction and...

7.1CVSS5.8AI score0.00047EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by