CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6655 matches found

Tenable Nessus•added 2026/01/22 12:0 a.m.•2 views

Azure Linux 3.0 Security Update: nodejs (CVE-2024-21896)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21896 advisory. - The permission model protects itself against path traversal attacks by calling path.resolve on any paths giv...

9.8CVSS5.5AI score0.01262EPSS

Exploits0References2

Tenable Nessus•added 2026/01/22 12:0 a.m.•4 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-21866)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21866 advisory. - In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Fix KASAN hit by...

5.5CVSS5.2AI score0.00209EPSS

Exploits0References2

Redos•added 2026/01/20 12:0 a.m.•9 views

ROS-20260120-7307

A vulnerability in the powerpc/code-patching component of the Linux operating system kernel is related to the allocation of unlimited memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

5.5CVSS6.6AI score0.00209EPSS

Exploits0

Tenable Nessus•added 2026/01/15 12:0 a.m.•2 views

KernelCare : Live Kernel Patching

KernelCare is being used to maintain the remote host's operating system kernel without requiring reboots. %NASLMINLEVEL 80900 C Tenable Network Security, Inc. include"compat.inc"; if description scriptid286277; scriptversion"1.1"; scriptsetattributeattribute:"pluginmodificationdate",...

5.5AI score

Exploits0References1

HackRead•added 2026/01/12 6:16 p.m.•4 views

5 Best Secure Container Images for Modern Applications (2026)

Secure container images are now essential for modern apps. These five options help teams reduce risk, cut patching effort, and improve long-term security...

7AI score

Exploits0

RedhatCVE•added 2026/01/09 11:27 a.m.•7 views

CVE-2021-33191

From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command ...

9.8CVSS7AI score0.04024EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:25 a.m.•6 views

CVE-2023-4919

The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, ...

6.4CVSS5.7AI score0.00519EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 8:44 a.m.•11 views

CVE-2022-23594

Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef i...

8.8CVSS6.7AI score0.0014EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:44 a.m.•10 views

CVE-2022-23622

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting XSS vector in the registerinline.vm template related to the xredirect hidden field. This template is only used in the following conditions:...

7.4CVSS5.5AI score0.00992EPSS

Exploits0References1

OSV•added 2026/01/08 2:49 p.m.•22 views

CVE-2026-22034 Snuffleupagus vulnerable to RCE on instances with upload validation enabled but without the VLD package

Snuffleupagus is a module that raises the cost of attacks against website by killing bug classes and providing a virtual patching system. On deployments of Snuffleupagus prior to version 0.13.0 with the non-default upload validation feature enabled and configured to use one of the upstream...

9.2CVSS6.8AI score0.00657EPSS

Exploits1References10

SUSE CVE•added 2025/12/17 12:24 a.m.•4 views

SUSE CVE-2025-68259

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced When re-injecting a soft interrupt from an INT3, INT0, or select INTn instruction, discard the exception and retry the instruction if the code stream is changed...

5.5CVSS6.5AI score0.00161EPSS

Exploits0References21

EUVD•added 2025/12/16 3:30 p.m.•2 views

EUVD-2025-203736

6AI score0.00161EPSS

Exploits0References5

OSV•added 2025/12/16 3:15 p.m.•5 views

AZL-72497 CVE-2025-68259 affecting package kernel for versions less than 6.6.121.1-1

5.8AI score0.00161EPSS

Exploits0References1

NVD•added 2025/12/16 3:15 p.m.•5 views

CVE-2025-68259

0.00161EPSS

Exploits0References6

OSV•added 2025/12/16 3:15 p.m.•2 views

UBUNTU-CVE-2025-68259

5.7AI score0.00161EPSS

Exploits0References27

UbuntuCve•added 2025/12/16 3:15 p.m.•2 views

CVE-2025-68259

5.9AI score0.00161EPSS

Exploits0References25

OSV•added 2025/12/16 2:45 p.m.•3 views

CVE-2025-68259 KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced

6.4AI score0.00161EPSS

Exploits0References9

CVE•added 2025/12/16 2:45 p.m.•18 views

CVE-2025-68259

Summary: In the Linux kernel’s KVM/SVM path, re-injecting a soft interrupt when replacing INT3/INT0/INTn can lead to decoding a different instruction and thus a wrong next RIP. This can clobber guest state and trigger a guest panic (e.g., Oops: int3) if the RIP lookup uses the incorrect instructi...

6.2AI score0.00161EPSS

Exploits0References6