CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

8.1CVSS5.9AI score0.00278EPSS

Linux Distros Unpatched Vulnerability : CVE-2026-12292

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird...

7.3CVSS5.9AI score0.00209EPSS

Linux Distros Unpatched Vulnerability : CVE-2026-12324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and...

Exploits0References3

5.3CVSS5.9AI score0.00252EPSS

Linux Distros Unpatched Vulnerability : CVE-2026-12301

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12301 Note that Nessus relies on the presence ...

Exploits0References2

Tenable Nessus•added 2026/06/16 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53612

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - util-linux - None Ubuntu Linux - Local Privilege Escalation via TOCTOU in mount8 hookowner.c chmod/chown CVE-2026-53612 Note that Nessus relies o...

5.9AI score

Exploits0References3

Linux Distros Unpatched Vulnerability : CVE-2026-54411

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in...

8.2CVSS5.9AI score0.00321EPSS

Positive Technologies•added 2026/06/15 12:0 a.m.•9 views

PT-2026-49616

CVE ID :CVE-2026-54295 Published : June 15, 2026, 6:32 p.m. | 1 hour, 18 minutes ago Description :None Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.2AI score0.0004EPSS

OSV•added 2026/06/14 6:17 p.m.•3 views

DEBIAN-CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS5.4AI score0.00321EPSS

CVE•added 2026/06/14 5:21 p.m.•26 views

CVE-2026-54411

Linux-PAM up to 1.7.2 is affected by a timing side-channel in the pam_userdb plaintext-password comparison path (modules/pam_userdb/pam_userdb.c). When configured with crypt=none, an unrecognized crypt method, or without a crypt= argument, credentials are stored/compared in plaintext. The compari...

8.2CVSS5.4AI score0.00321EPSS

Cvelist•added 2026/06/14 5:21 p.m.•24 views

CVE-2026-54411

8.2CVSS0.00321EPSS

EUVD•added 2026/06/14 5:21 p.m.•10 views

EUVD-2026-36662

8.2CVSS5.4AI score0.00321EPSS

Vulnrichment•added 2026/06/14 5:21 p.m.•8 views

CVE-2026-54411

8.2CVSS5.3AI score0.00321EPSS

Tenable Nessus•added 2026/06/13 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2025-55641

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference in the gfisomcopysampleinfo function isomedia/isomwrite.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via...

5.5CVSS5.5AI score0.00188EPSS

Exploits1References3

Snyk•added 2026/06/12 4:39 p.m.•6 views

Authorization Bypass Through User-Controlled Key

Overview chromadb is a Chroma. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the V1 collection-level endpoints passing None for tenant and database to the authorization layer. An attacker can gain unauthorized access to resources by...

8.8CVSS5.4AI score0.00251EPSS

Exploits0References2

Vulnrichment•added 2026/06/12 3:11 p.m.•11 views

CVE-2026-45832

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints...

8.8CVSS5.3AI score0.00251EPSS

EUVD•added 2026/06/12 3:11 p.m.•7 views

EUVD-2026-36483

8.8CVSS5.3AI score0.00251EPSS

Cvelist•added 2026/06/12 3:11 p.m.•27 views

CVE-2026-45832

8.8CVSS0.00251EPSS

CVE•added 2026/06/12 3:11 p.m.•33 views

CVE-2026-45832

CVE-2026-45832 affects the Python project of ChromaDB. All V1 collection-level endpoints pass None for the tenant and database to the authorization layer, which allows attackers to bypass authorization controls when using the V1 endpoints. The reports do not provide any explicit remediation steps...

8.8CVSS5.3AI score0.00251EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/06/12 2:35 p.m.•12 views

CVE-2026-44631

A flaw was found in Apache HTTP Server. This buffer underwrite vulnerability occurs when processing crafted regular expressions in the server's configuration. An attacker could potentially exploit this to cause a denial of service. Mitigation Only loadtrustedApache configuration; the bug triggers...

9.8CVSS5.4AI score0.00486EPSS