CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/28 5:11 p.m.•24 views

CVE-2026-46561 pyLoad: SSRF via HTTP Redirect Bypass in parse_urls API

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest used by the parseurls API. An authenticated attacker can supply a URL pointing to an attacker-controlled server that responds with...

5CVSS0.00028EPSS

CVE•added 2026/05/28 5:11 p.m.•5 views

CVE-2026-46561

CVE-2026-46561 concerns pyLoad/pyload-ng SSRF via the parse_urls API. The vulnerability arises because HTTPRequest uses allow_private_ip = True by default, allowing redirects to private IPs to be followed after initial URL validation passes is_global_host. The parse_urls flow validates the initia...

5CVSS5.8AI score0.00028EPSS

Vulnrichment•added 2026/05/28 5:11 p.m.•3 views

CVE-2026-46561 pyLoad: SSRF via HTTP Redirect Bypass in parse_urls API

5CVSS5.8AI score0.00028EPSS

Snyk•added 2026/05/28 5:4 p.m.•5 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the Parse function. An attacker can exhaust CPU resources and generate excessive log output by sending oversized or malformed headers that are processed without length checks. Remediation...

Snyk•added 2026/05/28 5:4 p.m.•5 views

Memory Allocation with Excessive Size Value

Snyk•added 2026/05/28 5:4 p.m.•6 views

Memory Allocation with Excessive Size Value

Snyk•added 2026/05/28 5:4 p.m.•6 views

Memory Allocation with Excessive Size Value

EUVD•added 2026/05/28 4:27 p.m.•3 views

EUVD-2026-32950

Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse never reads this field, meaning that time bounds are...

5.8AI score0.00054EPSS

SUSE CVE•added 2026/05/28 3:56 a.m.•5 views

SUSE CVE-2026-45921

In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: Fix memory leak in mtdparsertplinksafeloaderparse The function mtdparsertplinksafeloaderparse allocates buf via mtdparsertplinksafeloaderreadtable. If the allocation for partsidx.name fails inside the loop, the code...

5.9AI score0.00024EPSS

Exploits0References3

SUSE CVE•added 2026/05/28 3:54 a.m.•6 views

SUSE CVE-2026-46018

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: stop parsing UAC2 rates at MAXNRRATES parseuac2sampleraterange caps the number of enumerated rates at MAXNRRATES, but it only breaks out of the current rate loop. A malformed UAC2 RANGE response with additional...

5.8AI score0.00037EPSS

Exploits0References3

RedhatCVE•added 2026/05/28 1:23 a.m.•6 views

CVE-2026-45921

A flaw was found in the Linux kernel's mtd: parsers component. A memory leak occurs in the mtdparsertplinksafeloaderparse function. This happens when a buffer is allocated but not freed if a subsequent allocation for a part name fails, leading to unreleased memory. This could potentially lead to...

6AI score0.00024EPSS

Exploits0References4

RedhatCVE•added 2026/05/28 1:7 a.m.•5 views

CVE-2026-45925

A flaw was found in the Linux kernel's thermal management module. A reference leak occurs in the thermalofcmlookup function because a device node trnp obtained through ofparsephandle is not properly released. This issue can lead to resource exhaustion over time, potentially impacting system...

5.5CVSS5.8AI score0.00023EPSS

Exploits0References4

Github Security Blog•added 2026/05/27 9:33 p.m.•8 views

Symfony hardened the parser when handling untrusted input

Description Symfony\Component\Yaml\Parser is the entry point for parsing YAML strings into PHP values via Yaml::parse. When the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level Parser::parseBlock and inline Inline::parseSequence /...

5.8AI score

Exploits0References6Affected Software2

RedhatCVE•added 2026/05/27 8:14 p.m.•3 views

CVE-2026-46030

A flaw was found in the Linux kernel's EDAC/versalnet component. The mcprobe function fails to release a devicenode reference obtained from ofparsephandle. This oversight leads to a memory leak, which could potentially result in a Denial of Service DoS condition due to resource exhaustion...

5.8AI score0.00022EPSS

Exploits0References4

NVD•added 2026/05/27 5:16 p.m.•8 views

CVE-2026-44483

RVF formerly Remix Validated Form provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking ...

8.2CVSS0.00055EPSS

Snyk•added 2026/05/27 3:39 p.m.•1 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read through the parseinterface function. An attacker can cause a crash of the application by providing a crafted USB configuration descriptor, such as via virtualized USB passthrough, file-based descriptor parsing, or...

6.9CVSS5.8AI score0.00012EPSS