CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2 days ago•2 views

CVE-2026-10629

5.7AI score0.00015EPSS

CVE•added 2 days ago•4 views

CVE-2026-10629

CVE-2026-10629 concerns Verizon IMS SIP signaling lacking IPsec integrity protection. The SIP signaling stack (unspecified Verizon IMS version) reportedly sends SIP messages without ESP encapsulation or Security-Client/Security-Server headers, exposing REGISTER, INVITE, MESSAGE, BYE, UPDATE, and ...

7.4CVSS5.7AI score0.00015EPSS

EUVD•added 2 days ago•5 views

EUVD-2026-33802

In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6.1AI score0.00005EPSS

Cvelist•added 3 days ago•22 views

CVE-2025-59609 Buffer Over-read in WLAN Host Communication

Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length...

5.5CVSS0.00029EPSS

Exploits0References1

CVE•added 3 days ago•18 views

CVE-2026-0091

Technical details about CVE-2026-0091 are not publicly available in the provided documents. No affected products, versions, or remediation are specified here. Monitor the sources for updates.

7.8CVSS6.1AI score0.00005EPSS

Exploits0References1Affected Software1

RedHat Linux•added 3 days ago•8 views

httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the ajpparsedata function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially lea...

7.5CVSS5.8AI score0.00106EPSS

Exploits0References5

SUSE CVE•added 3 days ago•13 views

SUSE CVE-2026-3593

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

7.4CVSS5.8AI score0.00038EPSS

OSV•added 3 days ago•3 views

ASB-A-438742644

7.8CVSS6.1AI score0.00005EPSS

Exploits0References1

Tenable Nessus•added 3 days ago•5 views

RHEL 10 : ovn25.09 (RHSA-2026:22111)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22111 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add...

8.6CVSS5.9AI score0.0004EPSS

Exploits0References13

Cvelist•added 6 days ago•24 views

CVE-2026-47741 Shopper: Race condition on Discount.usage_limit allows silent over-redemption

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usagelimit was...

5.9CVSS0.00025EPSS

ATTACKERKB•added 6 days ago•3 views

CVE-2026-47741

Exploits0References4Affected Software1

Vulnrichment•added 6 days ago•6 views

CVE-2026-47741 Shopper: Race condition on Discount.usage_limit allows silent over-redemption

EUVD•added 6 days ago•4 views

EUVD-2026-33409

CVE•added 6 days ago•8 views

CVE-2026-47741

CVE-2026-47741 affects Shopper, a Headless e-commerce Admin Panel. Before 2.8.0, CreateOrderFromCartAction::execute created the Order row before incrementing the discount’s total_use, allowing a race condition under concurrent checkout that silently exceeded the global usage_limit and applied the...

OSV•added 6 days ago•6 views

RLSA-2026:19144 Important: golang-github-openprinting-ipp-usb security update

HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol. Security Fixes: crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application CVE-2026-33810...

8.8CVSS7.2AI score0.00021EPSS

Exploits0References5

RedhatCVE•added 6 days ago•3 views

CVE-2026-32934

A flaw was found in CoreDNS, a DNS server that chains plugins. The DNS-over-QUIC DoQ server is vulnerable to unbounded resource growth. An unauthenticated remote attacker can exploit this by opening numerous QUIC streams and sending only one byte per stream, causing the server to spawn excessive...

8.7CVSS5.7AI score0.00235EPSS

Exploits1References5

Mageia•added 6 days ago•17 views

Updated bind packages fix security vulnerabilities

Updated bind package fixes security vulnerabilities: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 Amplification vulnerabilities via self-pointed glue records CVE-2026-3592 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation CVE-2026-3593...

9.8CVSS5.8AI score0.00143EPSS