CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7470 matches found

SUSE CVE•added 2026/03/25 4:54 p.m.•2 views

SUSE CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

7.1CVSS5.7AI score0.0003EPSS

Exploits0References3

RedhatCVE•added 2026/03/25 11:39 a.m.•0 views

CVE-2026-23330

A flaw was found in the Linux kernel's Near Field Communication NFC Controller Interface NCI subsystem. When an NFC device is closed, the nciclosedevice function may not properly complete pending data exchanges. This can lead to a resource leak, where unreferenced socket objects consume system...

5.7AI score0.00018EPSS

Exploits0References4

NVD•added 2026/03/25 11:16 a.m.•0 views

CVE-2026-23348

In the Linux kernel, the following vulnerability has been resolved: cxl: Fix race of nvdimmbus object when creating nvdimm objects Found issue during running of cxl-translate.sh unit test. Adding a 3s sleep right before the test seems to make the issue reproduce fairly consistently. The...

4.7CVSS0.00014EPSS

Exploits0References3

Debian CVE•added 2026/03/25 10:27 a.m.•2 views

CVE-2026-23348

4.7CVSS5.2AI score0.00014EPSS

Exploits0

CNNVD•added 2026/03/25 12:0 a.m.•2 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition and may lead to the use of deallocated objects...

7.8CVSS7AI score0.00014EPSS

Exploits0References5

EUVD•added 2026/03/24 9:31 p.m.•2 views

EUVD-2026-14950

7.1CVSS5.7AI score0.0003EPSS

Exploits0References2

OSV•added 2026/03/24 8:16 p.m.•3 views

UBUNTU-CVE-2026-33349

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a...

5.9CVSS5.4AI score0.00039EPSS

Exploits1References4

NVD•added 2026/03/24 7:16 p.m.•1 views

CVE-2026-23919

7.1CVSS0.0003EPSS

Exploits0References1

OSV•added 2026/03/24 7:16 p.m.•1 views

DEBIAN-CVE-2026-23919

7.1CVSS5.3AI score0.0003EPSS

Exploits0References1

OSV•added 2026/03/24 7:16 p.m.•4 views

UBUNTU-CVE-2026-23919

7.1CVSS5.8AI score0.0003EPSS

Exploits0References3

ATTACKERKB•added 2026/03/24 6:26 p.m.•7 views

CVE-2026-23919

7.1CVSS5.7AI score0.0003EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/03/24 6:26 p.m.•3 views

CVE-2026-23919 Insufficient isolation of JavaScript (Duktape) execution context on Zabbix Server

7.1CVSS5.7AI score0.0003EPSS

Exploits0References1

CVE•added 2026/03/24 6:26 p.m.•9 views

CVE-2026-23919

CVE-2026-23919 affects Zabbix Server/Proxy where JavaScript (Duktape) contexts are reused for performance, potentially causing confidentiality leakage by non-super administrators who can access hosts they shouldn’t. The issue stems from shared execution contexts used by script items, JavaScript r...

7.1CVSS5.7AI score0.0003EPSS

Exploits0References1

Debian CVE•added 2026/03/24 6:26 p.m.•3 views

CVE-2026-23919

7.1CVSS5.3AI score0.0003EPSS

Exploits0

Cvelist•added 2026/03/24 6:26 p.m.•17 views

CVE-2026-23919 Insufficient isolation of JavaScript (Duktape) execution context on Zabbix Server

7.1CVSS0.0003EPSS

Exploits0References1

Positive Technologies•added 2026/03/24 12:0 a.m.•5 views

PT-2026-27473

Name of the Vulnerable Software and Affected Versions Zabbix versions prior to 7.4 Description A design flaw in Zabbix Server/Proxy related to JavaScript Duktape context reuse can result in data leakage. Specifically, a regular Zabbix administrator may unintentionally expose data for hosts they a...

7.1CVSS5.7AI score0.0003EPSS

Exploits0References16

Microsoft Secure•added 2026/03/23 4:0 p.m.•3 views

Case study: How predictive shielding in Defender stopped GPO-based ransomware before it started

In this article 1. The growing threat: GPO abuse in ransomware operations 2. The incident 3. The results 4. The hardening dilemma: Why threat actors love operational mechanisms 5. Predictive shielding: Contextual, just-in-time hardening 6. Closing the gap 7. References Summary Microsoft Defender...

6.2AI score

Exploits0

ATTACKERKB•added 2026/03/23 1:37 p.m.•4 views

CVE-2026-4647

A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can caus...

6.1CVSS5.7AI score0.00005EPSS

Exploits0References4

OSV•added 2026/03/20 8:44 p.m.•5 views

GHSA-FPH2-R4QG-9576 Parse Server's LiveQuery bypasses CLP pointer permission enforcement

Impact Parse Server's LiveQuery WebSocket interface does not enforce Class-Level Permission CLP pointer permissions readUserFields and pointerFields. Any authenticated user can subscribe to LiveQuery events and receive real-time updates for all objects in classes protected by pointer permissions,...

7.1CVSS5.8AI score0.00012EPSS

Exploits0References7

Cvelist•added 2026/03/20 7:34 a.m.•17 views

CVE-2026-33061 Jexactyl has Stored DOM Cross-Site Scripting (XSS) via unescaped JSON in Blade template

Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescap...

5.8CVSS0.00032EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by