125268 matches found

RedHat Linux
added 2026/05/12 12:29 p.m., 13 views

kernel: crypto: algif_aead - Revert to operating out-of-place

A flaw was found in the Linux kernel's algif_aead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive...

CVSS 7.8, AI score 7.2, EPSS 0.94016
Exploits 227, References 14

IBM Security Bulletins
added 2026/05/12 12:28 p.m., 4 views

Security Bulletin: Buffer overflow vulnerability in OMR affect Rational Business Developer

Summary There are vulnerabilities in Eclipse OMR used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API function to...

CVSS 9.8, AI score 7.6, EPSS 0.00491
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2026/05/12 12:3 p.m., 3 views

Security Bulletin: A security vulnerability have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase [CVE-2026-1188]

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

CVSS 9.8, AI score 7.4, EPSS 0.00491
Exploits 0, Affected Software 1

OSSF Malicious Packages
added 2026/05/12 11:39 a.m., 8 views

Malicious code in kaggle-runner (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dcd49ca70b987b236ba4341d839addfec9afb344e1471195f2f825281092f71 kagglerunner/coordinator.py embeds a bash reverse-shell template rvsstr that connects to vtool.duckdns.org:23454 via ncat with retry/backoff plus a...

AI score 5.8
Exploits 0, References 1

OSV
added 2026/05/12 11:39 a.m., 5 views

MAL-2026-3693 Malicious code in kaggle-runner (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dcd49ca70b987b236ba4341d839addfec9afb344e1471195f2f825281092f71 kagglerunner/coordinator.py embeds a bash reverse-shell template rvsstr that connects to vtool.duckdns.org:23454 via ncat with retry/backoff plus a...

AI score 5.8
Exploits 0, References 1

IBM Security Bulletins
added 2026/05/12 11:2 a.m., 11 views

Security Bulletin: Content Manager Enterprise Edition for June 2026 - Multiple CVEs

Summary Content Manager Enterprise Edition is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-342...

CVSS 8.7, AI score 7.8, EPSS 0.00378
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2026/05/12 10:55 a.m., 4 views

Security Bulletin: IBM Event Processing is vulnerable to information disclosure (CVE-2025-68429)

Summary IBM Event Processing may be vulnerable to information disclosure. Vulnerability Details CVEID:CVE-2025-68429 DESCRIPTION: Storybook is a frontend workshop for building user interface components and pages in isolation. A vulnerability present starting in versions 7.0.0 and prior to version...

CVSS 7.3, AI score 7, EPSS 0.00235
Exploits 0, Affected Software 1

OSV
added 2026/05/12 10:16 a.m., 4 views

DEBIAN-CVE-2026-8162

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...

CVSS 7.5, AI score 5.8, EPSS 0.00279
Exploits 0, References 1

NVD
added 2026/05/12 10:16 a.m., 8 views

CVE-2026-8162

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...

CVSS 7.5, EPSS 0.00279
Exploits 0, References 2

OSV
added 2026/05/12 10:16 a.m., 3 views

DEBIAN-CVE-2026-8161

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as __proto__, constructor, or toString, the parser invokes .push on the inherited...

CVSS 7.5, AI score 5.8, EPSS 0.00473
Exploits 1, References 1

NVD
added 2026/05/12 10:16 a.m., 10 views

CVE-2026-8072

Insecure generation of credentials in the local SAT Technical Support access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an...

CVSS 9.2, EPSS 0.00152
Exploits 0, References 2

NVD
added 2026/05/12 10:16 a.m., 18 views

CVE-2026-8161

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as __proto__, constructor, or toString, the parser invokes .push on the inherited...

CVSS 7.5, EPSS 0.00473
Exploits 1, References 2

NVD
added 2026/05/12 10:16 a.m., 14 views

CVE-2025-40946

A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions V6.1.4.9, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions V6.1.4.9, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M10 All versions, blueplanet 125 TL3 All...

CVSS 8.3, EPSS 0.0018
Exploits 0, References 1

Talos Blog
added 2026/05/12 10:0 a.m., 6 views

State-sponsored actors, better known as the friends you don’t want

State-sponsored actors don't break in. They log in, and they use your own tools to stay invisible for months. Responding to a state-sponsored threat is nothing like responding to ransomware, and the differences can make or break the outcome. From logging and baselines to OT segmentation and suppl...

AI score 5.9
Exploits 0

CVE
added 2026/05/12 9:57 a.m., 22 views

CVE-2026-8072

CVE-2026-8072 affects the Ingecon Sun EMS Board, via insecure generation of local SAT (Technical Support) access credentials. The root cause is a weak cryptographic scheme used to derive secret credentials, enabling privilege escalation. The CVSS vector indicates Network access, high attack compl...

CVSS 9.2, AI score 5.8, EPSS 0.00152
Exploits 0, References 2

Cvelist
added 2026/05/12 9:57 a.m., 51 views

CVE-2026-8072 Insecure generation of SAT access credentials in Ingecon EMS Board

Insecure generation of credentials in the local SAT Technical Support access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an...

CVSS 9.2, EPSS 0.00152
Exploits 0, References 2

Vulnrichment
added 2026/05/12 9:57 a.m., 6 views

CVE-2026-8072 Insecure generation of SAT access credentials in Ingecon EMS Board

Insecure generation of credentials in the local SAT Technical Support access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an...

CVSS 9.2, AI score 5.8, EPSS 0.00152
Exploits 0, References 2

ATTACKERKB
added 2026/05/12 9:57 a.m., 4 views

CVE-2026-8072

Insecure generation of credentials in the local SAT Technical Support access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an...

CVSS 9.2, AI score 5.8, EPSS 0.00152
Exploits 0, References 3

Nextcloud
added 2026/05/12 9:17 a.m., 7 views

Calendar app leaked user identifiers via attendee suggestion endpoint

None...

CVSS 4.3, AI score 5.8, EPSS 0.00266
Exploits 1, References 3, Affected Software 1

Nextcloud
added 2026/05/12 9:14 a.m., 10 views

Hidden Public Link creation when sharing to a Team External Member

None...

CVSS 6.4, AI score 5.8, EPSS 0.00293
Exploits 0, References 2, Affected Software 1