CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2 days ago•28 views

CVE-2026-48720 Warp: SSH remote output can lead to local file overwrite and persistence

8.8CVSS0.00247EPSS

RedHat Linux•added 3 days ago•5 views

dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption

A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service...

7.5CVSS5.9AI score0.01176EPSS

CVE•added 3 days ago•11 views

CVE-2026-54308

Summary (CVE-2026-54308) : In n8n, the MicrosoftAgent365Trigger and StripeTrigger nodes failed to validate inbound requests prior to versions 2.25.7 and 2.26.2. An unauthenticated attacker who knows the webhook URL could submit a forged payload and cause a workflow to execute with attacker-contro...

6.3CVSS5.9AI score0.00421EPSS

NVD•added 4 days ago•10 views

CVE-2026-54274

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1...

8.7CVSS0.00279EPSS

NVD•added 4 days ago•6 views

CVE-2026-42127

The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access tok...

7.5CVSS0.00432EPSS

RedHat Linux•added 4 days ago•8 views

dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption

7.5CVSS5.9AI score0.01176EPSS

Cvelist•added 4 days ago•31 views

CVE-2026-54274 AIOHTTP: Incomplete websocket frame payloads bypass memory limits

8.7CVSS0.00279EPSS

ATTACKERKB•added 4 days ago•2 views

CVE-2026-54274

8.7CVSS5.8AI score0.00279EPSS

Exploits0References3Affected Software1

CVE•added 4 days ago•19 views

CVE-2026-54274

The CVE-2026-54274 entry concerns AIOHTTP (async HTTP framework for asyncio/Python). It identifies that prior to version 3.14.1, an attacker could send large incomplete websocket frame payloads, potentially bypassing memory-use limits. The vulnerability affects AIOHTTP’s websocket handling logic ...

8.7CVSS5.8AI score0.00279EPSS

ATTACKERKB•added 4 days ago•4 views

CVE-2026-42127

7.5CVSS5.9AI score0.00432EPSS

Exploits0References2Affected Software1

EUVD•added 4 days ago•6 views

EUVD-2026-38309

7.5CVSS5.9AI score0.00432EPSS

Vulnrichment•added 4 days ago•6 views

CVE-2026-9029 Stored XSS via Geomap Panel Template Variable Attribution Injection

The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before getTemplateSrv.replace substitutes the variable value, which uses the glob format with no HTML escaping. The result is passed to OpenLayers via...

7.3CVSS5.9AI score0.00296EPSS

ATTACKERKB•added 5 days ago•3 views

CVE-2026-56393

Craft CMS 4.x = 4.0.0-RC1, = 5.0.0-RC1, 5.9.0-beta.1 contain multiple stored cross-site scripting vulnerabilities where settings names and field option labels are rendered without sanitization e.g., via the checkbox.twig template, which used label|raw . An authenticated administrator with...

4.8CVSS5.9AI score0.00183EPSS

OSSF Malicious Packages•added 6 days ago•8 views

Malicious code in requests-enhancer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0f61f1a905e0ec1bb593f7b20d4f9a8a9e72deeb16440f72acbcaf00aeab1cd On import requestsenhancer, the package's init.py spawns a daemon thread that runs pip install...

6.7AI score

OSV•added 6 days ago•6 views

MAL-2026-6247 Malicious code in requests-enhancer (PyPI)

6.7AI score