CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 5 days ago•22 views

CVE-2026-49136 Banana Slides 0.4.0 Path Traversal via generate_image() in ai_service.py

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generateimage function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete...

8.7CVSS0.00132EPSS

Exploits0References4

RedHat Linux•added 5 days ago•7 views

openjdk: Enhance Path Factories Redux (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

7.5CVSS7.3AI score0.00154EPSS

Exploits0References5

ATTACKERKB•added 5 days ago•6 views

CVE-2026-45284

Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user OIDC after they where deleted. This issue has been patched in version 8.4.0...

4.6CVSS5.7AI score0.00039EPSS

Exploits0References4Affected Software1

Cvelist•added 5 days ago•24 views

CVE-2026-45278 Nextcloud: Open Redirect in user_oidc login flow via protocol-relative URL bypass

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attackers link to log in via user OIDC. This issue has been patched in version 8.2.2...

3.3CVSS0.00022EPSS

Vulnrichment•added 5 days ago•6 views

CVE-2026-45278 Nextcloud: Open Redirect in user_oidc login flow via protocol-relative URL bypass

3.3CVSS5.7AI score0.00022EPSS

EUVD•added 5 days ago•7 views

EUVD-2026-33703

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can request approval. This issue has been patched in version 2.7.2...

3.3CVSS5.9AI score0.0001EPSS

Cvelist•added 5 days ago•26 views

CVE-2026-45156 Nextcloud: Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDC

Nextcloud is an open source content collaboration platform. From versions 0.3.0 to before 3.1.0, 5.0.0 to before 5.1.0, and 6.0.0 to before 6.4.0, a missing signature verification in User OIDC allowed a malicious ID4me authority to identify as any user. This issue has been patched in versions...

8.1CVSS0.00028EPSS

EUVD•added 5 days ago•7 views

EUVD-2026-33665

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow generate-schema.yaml exposes sensitive credentials Personal Access Token and SSH signing key to fork-controlled code due to unsafe checkout and credential handling practices. Th...

10CVSS5.8AI score0.00033EPSS

Vulnrichment•added 5 days ago•7 views

CVE-2022-4991 Tychon is vulnerable to privilege escalation due to OPENSSLDIR location

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an...

6.3AI score0.00049EPSS

Exploits0References1

EUVD•added 5 days ago•2 views

EUVD-2024-54939

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Akınsoft QR Menü allows Forceful Browsing, Phishing. This issue affects QR Menü: from s1.05.05 before v1.05.12...

6.3CVSS5.8AI score0.00046EPSS

OSV•added 5 days ago•8 views

USN-8352-1 libreoffice vulnerability

Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.8CVSS6.1AI score0.00016EPSS

8.8CVSS5.7AI score0.00015EPSS

SUSE-SU-2026:21945-1 Security update for nvidia-open-driver-G06-signed

This update for nvidia-open-driver-G06-signed fixes the following issues: - Get rid of "'naked' return found in MITIGATIONRETHUNK build" objtool warnings bsc1212841, bsc1263834 - update CUDA variant to 580.159.03 - update non-CUDA variant to 580.159.03 bsc1262749 - Fixes CVEs: CVE-2025-33221,...

Exploits0References16

8.8CVSS5.7AI score0.00015EPSS

SUSE-SU-2026:21882-1 Security update for nvidia-open-driver-G06-signed

Exploits0References16

8.8CVSS5.8AI score0.00015EPSS

SUSE-SU-2026:21920-1 Security update for nvidia-open-driver-G07-signed

This update for nvidia-open-driver-G07-signed fixes the following issues: - update CUDA variant to 595.71.05 - update non-CUDA variant to 595.71.05 bsc1262574 - CVEs fixed: CVE-2025-33221, CVE-2026-24187, CVE-2026-24182, CVE-2026-24192, CVE-2026-24194, CVE-2026-24195, CVE-2026-24196,...

Exploits0References14

8.8CVSS5.8AI score0.00015EPSS

SUSE-SU-2026:21878-1 Security update for nvidia-open-driver-G07-signed

Exploits0References14

GithubExploit•added 5 days ago•52 views

bastion-waf-simulator

BASTION — Web Application Firewall Simulator A real-time We...

6AI score

Exploits0

Cvelist•added 5 days ago•28 views

CVE-2026-40961 Apache Airflow: Open Redirect Bypass Vulnerability

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

0.00085EPSS