CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/03/06 1:32 a.m.•5 views

CVE-2026-3616

A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is...

6.5CVSS5.8AI score0.00204EPSS

Exploits0References7Affected Software1

NVD•added 2026/03/02 3:16 a.m.•3 views

CVE-2026-3407

A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has...

4.8CVSS0.00126EPSS

Cvelist•added 2026/03/02 3:2 a.m.•22 views

CVE-2026-3407 YosysHQ yosys BLIF File rtlil.h set heap-based overflow

4.8CVSS0.00126EPSS

EUVD•added 2026/03/02 3:2 a.m.•4 views

EUVD-2026-9140

CVE•added 2026/03/02 3:2 a.m.•10 views

CVE-2026-3407

CVE-2026-3407 affects YosysHQ yosys up to 0.62, specifically the function Yosys::RTLIL::Const::set in kernel/rtlil.h of the BLIF File Parser. This vulnerability enables a heap-based buffer overflow and, per the description, may be exploited locally. The exploit has been publicly disclosed. A patc...

Vulnrichment•added 2026/03/02 3:2 a.m.•4 views

CVE-2026-3407 YosysHQ yosys BLIF File rtlil.h set heap-based overflow

ATTACKERKB•added 2026/03/02 3:2 a.m.•4 views

CVE-2026-3407

Exploits0References8Affected Software1

OSV•added 2026/02/27 3:16 a.m.•2 views

CVE-2026-3283

A vulnerability has been found in libvips 8.19.0. This issue affects the function vipsextractbandbuild of the file libvips/conversion/extract.c. The manipulation of the argument extractband leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed to th...

7.1CVSS5.2AI score

ATTACKERKB•added 2026/02/27 3:2 a.m.•2 views

CVE-2026-3285

A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the function scanstring of the file src/belexer.c. This manipulation causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Patch name:...

7.8CVSS5.4AI score0.00223EPSS

Exploits1References8Affected Software1

Cvelist•added 2026/02/27 3:2 a.m.•21 views

CVE-2026-3285 berry-lang berry be_lexer.c scan_string out-of-bounds

4.8CVSS0.00223EPSS

Positive Technologies•added 2026/02/26 12:0 a.m.•5 views

PT-2026-22281

Warning: Critical OS command injection vulnerability in various Zyxel routers. CVE-2026-13942 CVSS: 9.8. More info: https://t.co/OP4W33By2v Patch Patch Patch...

5.4AI score

Exploits0References1

ATTACKERKB•added 2026/02/25 3:32 a.m.•5 views

CVE-2026-3147

A vulnerability was found in libvips up to 8.18.0. This affects the function vipsforeignloadcsvbuild of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch i...

7.8CVSS5.5AI score0.00209EPSS

NVD•added 2026/02/23 1:16 a.m.•6 views

CVE-2026-2963

A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...

6.5CVSS0.00192EPSS

Exploits0References4

CVE•added 2026/02/23 12:32 a.m.•11 views

CVE-2026-2963

Jinher OA C6 (up to 20260210) is affected by an injection in OfficeSupplyTypeRight.aspx via manipulation of id/offsnum leading to SQL injection. Remote attack possible; exploit publicly disclosed. Patch is recommended to address the issue.

6.5CVSS6.4AI score0.00192EPSS

Exploits0References4

OSV•added 2026/02/22 4:15 a.m.•4 views

CVE-2026-2913

A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vipssourcereadtomemory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The attack's complexity is rated as...

7CVSS5AI score

OSV•added 2026/02/22 4:15 a.m.•4 views

UBUNTU-CVE-2026-2913

7CVSS5.4AI score0.00182EPSS

Exploits1References10

Vulnrichment•added 2026/02/22 4:2 a.m.•4 views

CVE-2026-2913 libvips source.c vips_source_read_to_memory heap-based overflow

2.5CVSS4AI score0.00182EPSS

Cvelist•added 2026/02/10 2:32 a.m.•35 views

CVE-2026-2259 aardappel lobster Parsing parser.h ParseStatements memory corruption

A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements in the library dev/src/lobster/parser.h of the component Parsing. The manipulation leads to memory corruption. The attack can only be performed from a local...

4.8CVSS0.00215EPSS

NVD•added 2026/02/09 8:15 p.m.•10 views

CVE-2026-2246

A security vulnerability has been detected in AprilRobotics apriltag up to 3.4.5. Affected by this vulnerability is the function apriltagdetectordetect of the file apriltag.c. The manipulation leads to memory corruption. The attack must be carried out locally. The exploit has been disclosed...

4.8CVSS0.00153EPSS