CVE-2026-42309
CVE-2026-42309 affects the Pillow Python imaging library. From 11.2.1 up to 11.2.x before 12.2.0, passing nested lists as coordinates to APIs like ImagePath.Path, ImageDraw.ImageDraw.polygon, and ImageDraw.ImageDraw.line could cause a heap-based buffer overflow because nested coordinates were rec...
EUVD-2026-28901
Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursive...
CVE-2026-42309 Pillow: Heap buffer overflow with nested list coordinates
Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursive...
NPM: Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()
NPM: Hono has improper validation of NumericDate claims exp, nbf, iat in JWT verify vulnerability discovered by ? in WordPress Npm hono versions 4.12.18...
Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()
Summary Improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not exploitable by an anonymous attacker; it only manifests when a malformed claim value reaches...
GHSA-HM8Q-7F3Q-5F36 Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()
Summary Improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not exploitable by an anonymous attacker; it only manifests when a malformed claim value reaches...
PT-2026-39329
Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.18 Description Improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This occurs because the...
CVE-2026-8076
Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system supports the use of PIN-based credentials, maintaining compatibility with POS software integrations deployed since 2012. This coul...
CVE-2026-8076
CVE-2026-8076 concerns the CashDro 3 web administration panel (version 24.01.00.26). The identified issue is weak credentials enabling PIN-based authentication, which supports numeric PINs compatible with POS integrations dating back to 2012. This design allows an attacker to perform brute-force ...
Numeric Truncation Error
Overview Affected versions of this package are vulnerable to Numeric Truncation Error due to pointer difference truncation to int in multiple locations. An attacker can cause incorrect memory calculations by providing specially crafted input. Remediation A fix was pushed into the master branch bu...
Privilege Escalation
github.com/grafana/grafana is vulnerable to privilege escalation. The vulnerability is due to inadequate validation of the SCIM externalId field, which allows a malicious or compromised SCIM client to assign numeric values that override internal user IDs, enabling attackers to impersonate users o...
Astra Linux - vulnerability in ruby2.5
REXML is an XML toolkit for Ruby. The REXML gem prior to version 3.3.9 has a ReDoS vulnerability when it parses an XML document containing many digits between "&#" and "x…" in a hexadecimal character reference &#x…. This issue does not occur in Ruby 3.2 or later versions. Ruby 3.1 is the only...
OESA-2026-2188 uriparser security update
The package is a strictly RFC 3986 compliant URI parsing library written in C89 ("ANSI C"). uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license. There are a number of applications, libraries and hardware using uriparser, as well as bindings and 3rd-party...
OESA-2026-2187 uriparser security update
The package is a strictly RFC 3986 compliant URI parsing library written in C89 ("ANSI C"). uriparser is cross-platform, fast, supports Unicode and is licensed under the New BSD license. There are a number of applications, libraries and hardware using uriparser, as well as bindings and 3rd-party...
Oracle Linux numeric error vulnerability
Oracle Linux is an open and complete operating environment from Oracle Corporation USA that provides virtualization, management and cloud-native computing tools, and operating systems. Oracle Linux suffers from a numeric error vulnerability that stems from integer division by zero in...
Open SAE J1939 numeric error vulnerability
Open SAE J1939 is a CAN bus communication protocol library for industrial vehicles from the individual developer Daniel Mårtensson. Open SAE J1939 suffers from a numeric error vulnerability that stems from an integer underflow in the SAEJ1939ReadTransportProtocolDataTransfer function, which allow...
CVE-2026-42371
A flaw was found in uriparser. This vulnerability occurs due to numeric truncation in text range comparison when an application processes extremely long Uniform Resource Identifiers (URIs), specifically those with lengths in gigabytes. A local attacker could exploit this flaw by providing a...
CVE-2026-42371
uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes...