2265 matches found

EUVD
added 2026/03/26 9:31 p.m., 2 views

EUVD-2026-16332

A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the match_pattern function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion,...

CVSS 2.2 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 3
Cvelist
added 2026/03/26 9:20 p.m., 24 views

CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers

Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping...

CVSS 7.5 | EPSS 0.0002
Exploits: 0 | References: 2
NVD
added 2026/03/26 9:17 p.m., 1 views

CVE-2026-0967

A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the match_pattern function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion,...

CVSS 5.5 | EPSS 0.00036
Exploits: 0 | References: 5
CVE
added 2026/03/26 8:6 p.m., 18 views

CVE-2026-0967

CVE-2026-0967 describes a denial-of-service in libssh where an attacker can craft hostnames via client config or known_hosts files that, when processed by match_pattern(), trigger inefficient regular expression backtracking. The result is timeouts and resource exhaustion on the client side. Publi...

CVSS 5.5 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 5 | Affected Software: 2
Cvelist
added 2026/03/26 8:6 p.m., 20 views

CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing

A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the match_pattern function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion,...

CVSS 2.2 | EPSS 0.00036
Exploits: 0 | References: 5
ATTACKERKB
added 2026/03/26 8:6 p.m., 2 views

CVE-2026-0967

A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the match_pattern function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion,...

CVSS 5.5 | AI score 6 | EPSS 0.00036
Exploits: 0 | References: 6
RedhatCVE
added 2026/03/26 3:2 p.m., 3 views

CVE-2026-32248

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider that does not validate the format of the user...

CVSS 9.8 | AI score 5.8 | EPSS 0.001
Exploits: 0 | References: 1
EUVD
added 2026/03/25 5:44 p.m., 3 views

EUVD-2026-16064

LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern...

CVSS 7.5 | AI score 5.8 | EPSS 0.00039
Exploits: 1 | References: 2
UbuntuCve
added 2026/03/25 11:16 a.m., 3 views

CVE-2026-23324

In the Linux kernel, the following vulnerability has been resolved: can: usb: etas_es58x: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern, it needs to be anchored before submitting it otherwise it could be leaked if usb_kill_anchored_urbs is...

CVSS 5.5 | AI score 5.7 | EPSS 0.00018
Exploits: 0 | References: 8
RedhatCVE
added 2026/03/24 10:14 p.m., 0 views

CVE-2026-33412

A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...

CVSS 7.3 | AI score 6.2 | EPSS 0.00009
Exploits: 0 | References: 6
NVD
added 2026/03/24 8:16 p.m., 0 views

CVE-2026-33412

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on Unix-like systems. By including a newline character \n in a pattern passed to glob, an attacker may be able to execute arbitrary shell commands. This...

CVSS 7.3 | EPSS 0.00009
Exploits: 0 | References: 4
OSV
added 2026/03/24 8:16 p.m., 1 views

ALPINE-CVE-2026-33412

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on Unix-like systems. By including a newline character \n in a pattern passed to glob, an attacker may be able to execute arbitrary shell commands. This...

CVSS 7.3 | AI score 6 | EPSS 0.00009
Exploits: 0 | References: 1
OSV
added 2026/03/24 8:16 p.m., 1 views

UBUNTU-CVE-2026-33412

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on Unix-like systems. By including a newline character \n in a pattern passed to glob, an attacker may be able to execute arbitrary shell commands. This...

CVSS 7.3 | AI score 6.2 | EPSS 0.00009
Exploits: 0 | References: 4
EUVD
added 2026/03/24 7:43 p.m., 1 views

EUVD-2026-14998

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on Unix-like systems. By including a newline character \n in a pattern passed to glob, an attacker may be able to execute arbitrary shell commands. This...

CVSS 5.6 | AI score 6 | EPSS 0.00009
Exploits: 0 | References: 3
OSV
added 2026/03/24 7:43 p.m., 0 views

CVE-2026-33412 Vim affected by Command injection via newline in glob()

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on Unix-like systems. By including a newline character \n in a pattern passed to glob, an attacker may be able to execute arbitrary shell commands. This...

CVSS 5.6 | AI score 6 | EPSS 0.00009
Exploits: 0 | References: 6
AlpineLinux
added 2026/03/24 7:43 p.m., 1 views

CVE-2026-33412

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on Unix-like systems. By including a newline character \n in a pattern passed to glob, an attacker may be able to execute arbitrary shell commands. This...

CVSS 7.3 | AI score 6 | EPSS 0.00009
Exploits: 0 | References: 4
ATTACKERKB
added 2026/03/24 7:43 p.m., 15 views

CVE-2026-33412

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on Unix-like systems. By including a newline character \n in a pattern passed to glob, an attacker may be able to execute arbitrary shell commands. This...

CVSS 5.6 | AI score 6 | EPSS 0.00009
Exploits: 0 | References: 4 | Affected Software: 1
Packet Storm News
added 2026/03/23 12:0 a.m., 0 views

Auditing MCP Servers for Over-Privileged Tool Capabilities

The Model Context Protocol (MCP) has emerged as a standard for connecting Large Language Models (LLMs) to external tools and data. However, MCP servers often expose privileged capabilities, such as file system access, network requests, and command execution that can be exploited if not properly...

AI score 6
Exploits: 0
SUSE CVE
added 2026/03/22 12:23 a.m., 1 views

SUSE CVE-2026-33412

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on Unix-like systems. By including a newline character \n in a pattern passed to glob, an attacker may be able to execute arbitrary shell commands. This...

CVSS 5.3 | AI score 6 | EPSS 0.00009
Exploits: 0 | References: 19
OSV
added 2026/03/20 2:24 p.m., 2 views

OESA-2026-1649 qt5-qtsvg security update

The Qt SVG module provides functionality for displaying SVG images in widget, and to create SVG files using drawing commands. Security Fixes: The module will parse a pattern node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading...

CVSS 9.4 | AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 2