CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/29 7:7 p.m.•10 views

CVE-2026-45613

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47...

3.3CVSS5.8AI score0.00013EPSS

Exploits0References3

CVE•added 2026/05/29 7:7 p.m.•14 views

CVE-2026-45613

CVE-2026-45613 affects Rizin; a heap-buffer-overflow is reported in the OMF parser (librz/bin/format/omf/omf.c). The vulnerability is mitigated by the commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47. CVSSv3.1 vector from the entry: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N with base score 3.3 (LOW). Th...

3.3CVSS5.8AI score0.00013EPSS

Vulnrichment•added 2026/05/29 7:7 p.m.•8 views

CVE-2026-45613 Rizin: Heap-buffer-overflow in OMF parser

3.3CVSS5.8AI score0.00013EPSS

CVE•added 2026/05/29 6:15 p.m.•16 views

CVE-2026-49383

JetBrains IntelliJ IDEA prior to 2026.1 has a low-severity issue in the UI Designer form parser (xXE) that is locally exploitable with user interaction required. The CVSS 3.1 vector indicates Local access, Low complexity, no privileges, with Confidentiality impact Low and no impact on Integrity/A...

Exploits0References1Affected Software1

Cvelist•added 2026/05/29 6:15 p.m.•33 views

CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

3.3CVSS0.00001EPSS

ATTACKERKB•added 2026/05/29 6:15 p.m.•9 views

CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

Vulnrichment•added 2026/05/29 6:15 p.m.•11 views

CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

EUVD•added 2026/05/29 6:15 p.m.•9 views

EUVD-2026-33391

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

Rockylinux•added 2026/05/29 4:3 p.m.•12 views

glib2 security update

An update is available for glib2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GLib provides the core application building blocks for libraries and...

9.8CVSS5.8AI score0.0005EPSS

Exploits0

OSV•added 2026/05/29 4:3 p.m.•8 views

RLSA-2026:19148 Moderate: glib2 security update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: GLib: Buffer underflow...

6.5CVSS6.4AI score0.0005EPSS

Exploits0References3

RedhatCVE•added 2026/05/29 2:21 p.m.•7 views

CVE-2026-44378

A flaw was found in Botan, a C++ cryptography library. A remote attacker could exploit this vulnerability by sending specially crafted Basic Encoding Rules BER data with indefinite length encodings. This could cause quadratic behavior in the parser, leading to a denial of service DoS due to...

7.5CVSS5.8AI score0.00055EPSS

OSV•added 2026/05/29 1:35 p.m.•6 views

OESA-2026-2500 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via...

7.5CVSS5.7AI score0.00011EPSS

Exploits1References2

OSV•added 2026/05/29 1:35 p.m.•5 views

OESA-2026-2498 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before version 2.7.6 uses insufficient entropy, allowing attackers to cause hash flooding via a crafted XML...

7.5CVSS5.8AI score0.00013EPSS

OSV•added 2026/05/29 1:33 p.m.•7 views

OESA-2026-2467 libsolv security update

A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted .solv file containing negative siz...

6.5CVSS6AI score0.00054EPSS

Exploits0References3

Cvelist•added 2026/05/29 1:11 p.m.•32 views

CVE-2026-45619 AVideo CVE-2026-43884 incomplete fix - `isSSRFSafeURL()` call sites still discard the `$resolvedIP` out-param at master HEAD post

WWBN AVideo is an open source video platform. In 29.0 and earlier, EpgParser.php, plugin/AI/receiveAsync.json.php, and other locations do not use the $resolvedIP out-param of isSSRFSafeURL for DNS pinning via CURLOPTRESOLVE, opening DNS-rebinding TOCTOU...

6.5CVSS0.00038EPSS