20412 matches found

CNNVD
added 2026/04/15 12:0 a.m., 5 views

goldmark security vulnerability

Goldmark is a Markdown parser written in Go by Yusuke Inuzuka. Versions of Goldmark prior to 1.7.17 contained security vulnerabilities, which were caused by improper URL validation and normalization order. These vulnerabilities could lead to cross-site scripting attacks...

CVSS 6.1, AI score 5.7, EPSS 0.0005
Exploits: 0, References: 1
Tenable Nessus
added 2026/04/15 12:0 a.m., 2 views

AlmaLinux 10 : perl-XML-Parser (ALSA-2026:7680)

The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:7680 advisory. perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files CVE-2006-10003 perl-xml-parser: XML::Parser for Perl: Heap corruption and...

CVSS 9.8, AI score 5.9, EPSS 0.00035
Exploits: 0, References: 4
Positive Technologies
added 2026/04/15 12:0 a.m., 0 views

PT-2026-33002

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's print gvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

CVSS 8.4, AI score 6.1, EPSS 0.00039
Exploits: 1, References: 6
Tenable Nessus
added 2026/04/15 12:0 a.m., 2 views

RockyLinux 10 : perl-XML-Parser (RLSA-2026:7680)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7680 advisory. perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files CVE-2006-10003 perl-xml-parser: XML::Parser for Perl: Heap corruption and...

CVSS 9.8, AI score 5.9, EPSS 0.00035
Exploits: 0, References: 5
GitHub Security Blog
added 2026/04/14 11:41 p.m., 5 views

Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem

Summary: fio_json_parse can enter an infinite loop when it encounters a nested JSON value starting with i or I. The process spins in user space and pegs one CPU core at 100% instead of returning a parse error. Because iodine vendors the same parser code, the issue also affects iodine when it parses...

CVSS 8.7, AI score 5.9, EPSS 0.0006
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2026/04/14 11:41 p.m., 2 views

GHSA-2X79-GWQ3-VXXM Uncontrolled resource consumption and loop with unreachable exit condition in facil.io and downstream iodine ruby gem

Summary: fio_json_parse can enter an infinite loop when it encounters a nested JSON value starting with i or I. The process spins in user space and pegs one CPU core at 100% instead of returning a parse error. Because iodine vendors the same parser code, the issue also affects iodine when it parses...

CVSS 8.7, AI score 5.9, EPSS 0.0006
Exploits: 0, References: 5
Snyk
added 2026/04/14 11:27 p.m., 3 views

HTTP Response Splitting

Overview: Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

CVSS 8.7, AI score 6.2, EPSS 0.00057
Exploits: 0, References: 2
Snyk
added 2026/04/14 11:27 p.m., 1 views

HTTP Response Splitting

Overview: Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

CVSS 8.7, AI score 6.2, EPSS 0.00057
Exploits: 0, References: 2
Snyk
added 2026/04/14 11:27 p.m., 2 views

HTTP Response Splitting

Overview: Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

CVSS 8.7, AI score 6.2, EPSS 0.00057
Exploits: 0, References: 2
Snyk
added 2026/04/14 11:27 p.m., 4 views

HTTP Response Splitting

Overview: Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

CVSS 8.7, AI score 6.2, EPSS 0.00057
Exploits: 0, References: 2
Snyk
added 2026/04/14 11:27 p.m., 2 views

HTTP Response Splitting

Overview: Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

CVSS 8.7, AI score 6.2, EPSS 0.00057
Exploits: 0, References: 2
Snyk
added 2026/04/14 11:27 p.m., 6 views

HTTP Response Splitting

Overview: Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

CVSS 8.7, AI score 6.2, EPSS 0.00057
Exploits: 0, References: 2
Snyk
added 2026/04/14 11:27 p.m., 2 views

HTTP Response Splitting

Overview: Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

CVSS 8.7, AI score 6.2, EPSS 0.00057
Exploits: 0, References: 2
Snyk
added 2026/04/14 11:27 p.m., 2 views

HTTP Response Splitting

Overview: Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

CVSS 8.7, AI score 6.2, EPSS 0.00057
Exploits: 0, References: 2
Snyk
added 2026/04/14 11:27 p.m., 2 views

HTTP Response Splitting

Overview: Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

CVSS 8.7, AI score 6.2, EPSS 0.00057
Exploits: 0, References: 2
Snyk
added 2026/04/14 11:27 p.m., 2 views

HTTP Response Splitting

Overview: Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

CVSS 8.7, AI score 6.2, EPSS 0.00057
Exploits: 0, References: 2
Snyk
added 2026/04/14 11:27 p.m., 3 views

HTTP Response Splitting

Overview: Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

CVSS 8.7, AI score 6.2, EPSS 0.00057
Exploits: 0, References: 2
SUSE CVE
added 2026/04/14 11:26 p.m., 3 views

SUSE CVE-2026-33948

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

CVSS 5.3, AI score 6, EPSS 0.00137
Exploits: 1, References: 4
OSV
added 2026/04/14 10:29 p.m., 1 views

GHSA-G6V3-WV4J-X9HG October Rain has Environment Variable Exfiltration via INI Parser Interpolation

A server-side information disclosure vulnerability was identified in the INI settings parser. PHP's parse_ini_string function supports $ syntax for environment variable interpolation. Attackers with Editor access could inject $APPKEY, $DBPASSWORD, or similar patterns into CMS page settings fields,...

CVSS 4.9, AI score 5.7, EPSS 0.00014
Exploits: 0, References: 3
GitHub Security Blog
added 2026/04/14 10:29 p.m., 2 views

October Rain has Environment Variable Exfiltration via INI Parser Interpolation

A server-side information disclosure vulnerability was identified in the INI settings parser. PHP's parse_ini_string function supports $ syntax for environment variable interpolation. Attackers with Editor access could inject $APPKEY, $DBPASSWORD, or similar patterns into CMS page settings fields,...

CVSS 4.9, AI score 5.7, EPSS 0.00014
Exploits: 0, References: 3, Affected Software: 1