CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20018 matches found

CVE-2026-10115

A vulnerability was identified in Open5GS up to 2.7.7. This affects an unknown part in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit is publicly available and might be...

5.3CVSS5.5AI score0.00057EPSS

Exploits0References1

RedhatCVE•added yesterday•1 views

CVE-2026-45686

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing...

7.5CVSS5.9AI score0.0005EPSS

Exploits1References1

GithubExploit•added yesterday•21 views

ParamStriker

ParamStriker Offline JSON & Query Parameter Exploit Frame...

6AI score

Exploits0

Cvelist•added yesterday•11 views

CVE-2026-44546 Header injection via WebSocket upgrade parser differential allows ASGI scope header spoofing

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

3.7CVSS

Exploits0References1

RedhatCVE•added yesterday•2 views

CVE-2026-48682

A flaw was found in FastNetMon Community Edition. This vulnerability, located in the IPv4 packet parser, allows a remote attacker to send specially crafted network packets. This can lead to an out-of-bounds read, potentially disclosing sensitive information or causing the system to crash, resulti...

5.8AI score0.00017EPSS

Exploits0References2

Cvelist•added yesterday•7 views

CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...

Exploits0References1

ATTACKERKB•added yesterday•1 views

CVE-2026-26824

5.8AI score

Exploits0References2

Tenable Nessus•added yesterday•1 views

AIX : Multiple Vulnerabilities (IJ58140)

The version of AIX installed on the remote host is prior to APAR IJ58140. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ58140 advisory. - A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition XSD...

7.5CVSS5.8AI score0.00088EPSS

Exploits1References6

NVD•added 2 days ago•5 views

CVE-2026-45685

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetr...

7.5CVSS0.00081EPSS

Exploits1References2

NVD•added 2 days ago•4 views

CVE-2026-45686

7.5CVSS0.0005EPSS

Exploits1References2

NVD•added 2 days ago•3 views

CVE-2026-45676

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference invalid section...

5.5CVSS0.00019EPSS

Exploits1References2

EUVD•added 2 days ago•4 views

EUVD-2026-33959

7.5CVSS5.9AI score0.0005EPSS

Exploits1References2

EUVD•added 2 days ago•3 views

EUVD-2026-33958

7.5CVSS5.8AI score0.00081EPSS

Exploits1References2

Cvelist•added 2 days ago•29 views

CVE-2026-45685 OpenTelemetry eBPF Instrumentation: MongoDB parser panics on malformed wire messages

7.5CVSS0.00081EPSS

Exploits1References2

Vulnrichment•added 2 days ago•4 views

CVE-2026-45685 OpenTelemetry eBPF Instrumentation: MongoDB parser panics on malformed wire messages

7.5CVSS5.8AI score0.00081EPSS

Exploits1References2

CVE•added 2 days ago•7 views

CVE-2026-45685

Summary: OpenTelemetry eBPF Instrumentation is affected by a remote DoS in its MongoDB parser. From version 0.1.0 up to before 0.9.0, malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing an unauthenticated attacker to crash the telemetry agent and termin...

7.5CVSS5.8AI score0.00081EPSS

Exploits1References2Affected Software1

ATTACKERKB•added 2 days ago•2 views

CVE-2026-45678

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a valid NUL-terminated portal name. A crafted empty or unterminated payload can make OBI slice beyond th...

7.5CVSS5.9AI score0.00059EPSS

Exploits1References3Affected Software1

EUVD•added 2 days ago•3 views

EUVD-2026-33951

5.5CVSS5.8AI score0.00019EPSS

Exploits1References2

Nuclei•added 2 days ago•122 views

Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keysfor 'roles' used for access control within the database, including the special case 'admin' role, th...

10CVSS7.3AI score0.94098EPSS

Exploits21References5

Nuclei•added 2 days ago•19 views

Navigate CMS 2.9.4 - Server-Side Request Forgery

Navigate CMS 2.9.4 is susceptible to server-side request forgery via feedparser class. This can allow a remote attacker to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter, thus enabling possible theft of sensitive information, data...

4.9CVSS6AI score0.67131EPSS

Exploits6References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by