CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1217 matches found

CVE-2026-49261

A flaw was found in MariaDB server. When the wsrepnotifycmd feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the...

10CVSS6.6AI score0.00447EPSS

Exploits0References5

AstraLinux•added 5 days ago•2 views

Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: VMCI: fixed a race condition between vmcihostsetupnotify and vmcictxunsetnotify. During our testing, it was found that a warning can occur in trygrabfolio. The detailed error message is as follows: ----------- Cut here ----------...

7CVSS6.3AI score0.00129EPSS

Exploits0References2

AstraLinux•added 5 days ago•2 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Refactor the bind path to use free After a bind/unbind cycle, the ncm-notifyreq remains stale. If a subsequent bind fails, the unified error handling mechanism attempts to free this stale request. This leads to...

5.7AI score0.00171EPSS

Exploits0References2

AstraLinux•added 5 days ago•6 views

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: net: caif: fixed a memory leak in caifdevicenotify In the event of a failure in caifenrolldev, the allocated linksupport will not be assigned to the corresponding structure. Therefore, simply free the allocated pointer in case of...

5.5CVSS5.3AI score0.00228EPSS

Exploits0References2

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net/ipv6: avoided a possible Use After Free UAF in ip6routempathnotify syzbot discovered another use-after-free in ip6routempath Notify. 1 The commit f7225172f25a “net/ipv6: prevent use after free in ip6routempath Notify” fail...

7.8CVSS6.4AI score0.00269EPSS

Exploits0References2

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: fixed reference count leaks in nfs42proccopynotify. You rarely receive emails from [email protected]. Learn why this is important at http://aka.ms/LearnAboutSenderIdentification. The reference counting issue occurs i...

5.5CVSS5.7AI score0.00229EPSS

Exploits0References2

Vulnrichment•added 2026/06/11 5:13 p.m.•7 views

CVE-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

10CVSS5.6AI score0.00447EPSS

Exploits0References2

OSV•added 2026/06/10 10:57 a.m.•3 views

OPENSUSE-SU-2026:20933-1 Security update for mariadb

This update for mariadb fixes the following issues Update to 11.8.8: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. - CVE-2026-34303: mysql: optimizer unspecified vulnerability bsc1266435. - CVE-2026-35549: SHA2 auth plugin crash on large packets bsc1261413. - CVE-2026-44168:...

10CVSS5.3AI score0.00457EPSS

Exploits1References24

OSV•added 2026/06/10 9:53 a.m.•2 views

SUSE-SU-2026:22095-1 Security update for mariadb

10CVSS7.6AI score0.00457EPSS

Exploits1References25

OSV•added 2026/06/10 7:39 a.m.•5 views

SUSE-SU-2026:2330-1 Security update for mariadb

This update for mariadb fixes the following issues: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. - CVE-2026-34303: mysql: optimizer unspecified vulnerability bsc1266435. - CVE-2026-35549: SHA2 auth plugin crash on large packets bsc1261413. - CVE-2026-44168: wsrep SST unsafe...

10CVSS7.2AI score0.00457EPSS

Exploits1References25

RedhatCVE•added 2026/06/05 7:24 p.m.•7 views

CVE-2026-8425

The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to ...

4.3CVSS5.4AI score0.00135EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:19 p.m.•5 views

CVE-2026-5229

The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which WordPress account to authenticate after a LINE OAuth login. When LINE doesn't provide an email...

9.8CVSS5.5AI score0.0073EPSS

Exploits1References1

SUSE Linux•added 2026/06/05 12:16 p.m.•10 views

Security update for mariadb

This update for mariadb fixes the following issues: CVE-2026-3494: audit plugin comment handling bypass bsc1259176. CVE-2026-34303: mysql: optimizer unspecified vulnerability bsc1266435. CVE-2026-44168: wsrep SST unsafe parameter handling on the donor side bsc1266442. CVE-2026-44170: argument...

9.4CVSS7.1AI score0.00457EPSS

Exploits1References40

OSV•added 2026/06/02 5:33 p.m.•5 views

CLSA-2026-1780406874 Fix CVE(s): CVE-2026-3039, CVE-2026-5946

SECURITY UPDATE: Multiple assertion failures in named when handling DNS messages with non-IN class CHAOS, HESIOD or meta-classes ANY, NONE in UPDATE, NOTIFY, and recursion paths - debian/patches/CVE-2026-5946.patch: disable recursion for non-IN views, reject UPDATE and NOTIFY for non-IN classes,...

7.5CVSS5.8AI score0.00966EPSS

Exploits0References3

RedhatCVE•added 2026/05/28 8:12 p.m.•8 views

CVE-2026-44319

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications, the notifier calls NnefPFDmanagementNotify... and on any delivery error...

7.5CVSS5.8AI score0.00404EPSS

Exploits1References1

EUVD•added 2026/05/27 3:49 p.m.•11 views

EUVD-2026-32579

7.5CVSS5.8AI score0.00404EPSS

Exploits1References4

NVD•added 2026/05/27 8:16 a.m.•15 views

CVE-2026-3375

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/litespeed/v1/notifyccss and /wp-json/litespeed/v1/notifyucss REST API endpoints in all versions up to, and including, 7.7. These endpoints accept CSS content from QUIC.cloud callback notificatio...

7.2CVSS0.00359EPSS

Exploits0References8

Cvelist•added 2026/05/27 6:0 a.m.•33 views

CVE-2026-6268 EventPress < 22.2 – Reflected Cross-Site Scripting

The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eventpresscustomizernotifydismissaction AJAX handler before outputting it back in the response, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting attacks against logged-in...

0.00164EPSS

Exploits0References1

ATTACKERKB•added 2026/05/27 6:0 a.m.•8 views

CVE-2026-6268

5.8AI score0.00164EPSS

Exploits0References1

Positive Technologies•added 2026/05/27 12:0 a.m.•9 views

PT-2026-43496

The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eventpress customizer notify dismiss action AJAX handler before outputting it back in the response, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting attacks against logged-...

5.8AI score0.00164EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by