CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2 days ago•8 views

PT-2026-46878

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on .openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI...

5.6AI score0.00041EPSS

Exploits0References2

OSV•added 6 days ago•1 views

SUSE-SU-2026:21955-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issue - CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied low-level redirects bsc1265267...

EUVD•added 6 days ago•8 views

Exploits0References3

EUVD-2026-33597

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

5.8AI score0.00085EPSS

Exploits0References2

Tenable Nessus•added 6 days ago•7 views

SUSE SLED15 / SLES15 Security Update : python-urllib3 (SUSE-SU-2026:2119-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2119-1 advisory. This update for python-urllib3 fixes the following issue - CVE-2026-44431: sensitive information disclosure due to...

SUSE Linux•added 2026/05/29 3:34 p.m.•9 views

Security update for python-urllib3

This update for python-urllib3 fixes the following issue CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied low-level redirects bsc1265267. Patch Instructions: To install this SUSE update use the SUSE recommended installation method...

NVD•added 2026/05/28 7:16 p.m.•11 views

CVE-2026-46685

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFSCORSALLOWEDORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origin value back as Access-Control-Allow-Origin and also sets Access-Control-Allow-Credentials: true and...

6CVSS0.00015EPSS

EUVD•added 2026/05/28 6:41 p.m.•7 views

EUVD-2026-32999

6CVSS5.8AI score0.00015EPSS

Positive Technologies•added 2026/05/28 12:0 a.m.•9 views

PT-2026-44473

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFS CORS ALLOWED ORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origin value back as Access-Control-Allow-Origin and also sets Access-Control-Allow-Credentials: true a...

6CVSS5.8AI score0.00015EPSS

Exploits0References2

CNNVD•added 2026/05/28 12:0 a.m.•6 views

rustfs 安全漏洞

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-beta.2 contained a security vulnerability. This vulnerability arises when RUSTFSCORSALLOWEDORIGINS is not set; in such cases, ConditionalCorsLayer reflects the Origin value and sets a relaxed...

6CVSS5.8AI score0.00015EPSS

ATTACKERKB•added 2026/05/27 9:38 p.m.•8 views

CVE-2026-9739

9.4CVSS5.8AI score0.00024EPSS

Exploits0References3

ATTACKERKB•added 2026/05/27 2:29 p.m.•7 views

CVE-2026-42184

6.1CVSS5.8AI score0.00041EPSS

Exploits1References2Affected Software1

CVE•added 2026/05/27 2:19 p.m.•10 views

CVE-2026-44830

CVE-2026-44830 affects Nocturne Memory prior to 2.4.1. When API_TOKEN is unset or empty, BearerTokenAuthMiddleware does not enforce authentication for all HTTP requests. Coupled with a default 0.0.0.0 host binding and CORS allow_origins=[""], this lets any LAN-reachable client access the Knowledg...

8.7CVSS5.9AI score0.00021EPSS

RedhatCVE•added 2026/05/27 2:12 a.m.•8 views

CVE-2026-9078

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

5.4CVSS5.8AI score0.00038EPSS

Positive Technologies•added 2026/05/27 12:0 a.m.•8 views

PT-2026-44123

Name of the Vulnerable Software and Affected Versions Toolbox affected versions not specified Description The software is susceptible to DNS rebinding attacks when using Server-Sent Events SSE under specification v2024-11-05. This occurs because the SSE initialization handler retains a hardcoded...

9.4CVSS5.8AI score0.00024EPSS

Exploits0References7

SUSE Linux•added 2026/05/26 7:29 a.m.•6 views

Security update for python-urllib3_1

This update for python-urllib31 fixes the following issue CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied low-level redirects bsc1265267. Patch Instructions: To install this SUSE update use the SUSE recommended installation metho...

SUSE Linux•added 2026/05/26 7:11 a.m.•4 views

Security update for python-urllib3

OSV•added 2026/05/26 7:11 a.m.•5 views

SUSE-SU-2026:2065-1 Security update for python-urllib3

RedhatCVE•added 2026/05/26 2:12 a.m.•12 views

Exploits0References3

CVE-2026-44992

OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAXAPIHOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in Authorization headers...

5CVSS5.8AI score0.0001EPSS